This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes JMS ActiveMQ JBOSS SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Reply Bookmark "JMS ActiveMQ JBOSS SSL" Watch "JMS ActiveMQ JBOSS SSL" New topic
Author

JMS ActiveMQ JBOSS SSL

gilbert engle
Greenhorn

Joined: Jun 03, 2009
Posts: 24
posted
0
Quote
I successfully got ActiveMQ working with SSL and JBOSS. Here's all the information


Follow directions here

http://activemq.apache.org/how-do-i-use-ssl.html

// I don't think it is necessary to update ALL of the following files but I haven't taken the time to figure which are important
activemq-command,xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-demo.xml // probably not needed

<transportConnector name="ssl" uri="ssl://localhost:61617"/>

activemq-dynamic-network-broker1.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-dynamic-network-broker2.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-jdbc.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-security.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-specjms.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-static-network-broker1.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />

activemq-static-network-broker2.xml

<networkConnector uri="staticssl://localhost:61616)" duplex="true"/>

activemq-throughput.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />

activemq.xml (inside <broker>

<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />

activemq.xml

<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />

// the following was placed inside AND outside of <broker>
<amq:broker useJmx="false" persistent="false">

<amq:sslContext>
<amq:sslContext
keyStore="c:/ActiveMQ/broker.ks" keyStorePassword="password"
trustStore="c:/ActiveMQ/client.ks" trustStorePassword="password"/>
</amq:sslContext>

<amq:transportConnectors>
<amq:transportConnector uri="ssl://localhost:61616" />
</amq:transportConnectors>

</amq:broker>


Download activemq-cpp-library-3.4.3 project
Download Bloodshed Dev C++
Download Open SSL
Drop all source files from activemq-cpp-library-3.4.3/src/main into a Dev C++ project
Set Dev C++ to build a DLL
Update main/activmq/util/Config.h, insert #define HAVE_OPENSSL 1
Build DLL from Dev C++
Update system PATH variable to point to directory containing the DLL
Update system PATH variable to point to \OpenSSL-Win64\lib

Change your code so that you have

ConnectionFactory connectionFactory =
new ActiveMQConnectionFactory("ssl://localhost:61617");

Update activemq.bat to set info about keystores and trust stores, when starting activemq precede by seting ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

"%_JAVACMD%" %SUNJMX% %ACTIVEMQ_DEBUG_OPTS% %ACTIVEMQ_OPTS% %SSL_OPTS% -Dactivemq.classpath="%ACTIVEMQ_CLASSPATH%" -Dactivemq.home="%ACTIVEMQ_HOME%" -Dactivemq.base="%ACTIVEMQ_BASE%" -Dactivemq.conf="%ACTIVEMQ_CONF%" -Dactivemq.data="%ACTIVEMQ_DATA%" -Djava.io.tmpdir="%ACTIVEMQ_TMP%" -Djavax.net.ssl.keyStore=c:/ActiveMQ/broker.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=c:/activemq/broker.ts -Djavax.net.ssl.trustStorePassword=password -jar "%ACTIVEMQ_HOME%/bin/run.jar" %*

Add debug command to activemq

if "%ACTIVEMQ_OPTS%" == "" set ACTIVEMQ_OPTS=-Xms1G -Xmx1G -Djava.util.logging.config.file=logging.properties -Djavax.net.debug=ssl

When starting client add

java -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=c:/yourpath/client.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=c:/yourpath/client.ts -Djavax.net.ssl.trustStorePassword=password


OK, I tried to cover everything. All of this will definitely help you reach your goal of ActiveMQ invocation with server and client SSL validation



 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: JMS ActiveMQ JBOSS SSL
 
Similar Threads
Connection timeout with HttpsURLConnection
HTTP Post SSL certificates (Jakarta HTTP Commons)
Problem with implementing SSL
SSL implementation problem-keystore file not found
2-way ssl not working: bad certificate