cms/how-do-i-use-the-ssl-transport.xml - activemq-web - Git at Google

 <div class="wiki-content maincontent"><p>The first thing you need to do in order to use the SSL Transport in ActiveMQ-CPP is to build the library with SSL support enabled, for that see the <link><page ri:content-title="Building FAQs"></page><link-body>Build FAQs</link-body></link>.</p>

 <p>Once you have a build that supports the SSL protocol then its pretty simple, just replace the use of the <em>TCP</em> Transport in your connection URI with SSL, for example:  </p>

 <structured-macro ac:macro-id="52f589ed-9f33-48fd-967b-efabc07ffa0c" ac:name="noformat" ac:schema-version="1"><plain-text-body>
 tcp://broker1:61616
 </plain-text-body></structured-macro>

 <p>becomes:</p>

 <structured-macro ac:macro-id="859b73ed-9e01-48b7-86ce-19bcdab4acb2" ac:name="noformat" ac:schema-version="1"><plain-text-body>
 ssl://broker1:61616
 </plain-text-body></structured-macro>

 <p>You should note that in order to validate that the certificate that the broker sends is the one we want we must validate the "Common Name (CN)" field from the certificate against the host-name in the URI.  If you have trouble connecting to the broker one of the first things to check it if your host-name matches the broker certificate common name.</p>

 <p>That's almost it, there's just a couple other things you need might need to do.  The SSL transport needs to know whether or not to trust the certificate that the Broker sends to it, for this you need to set a property in the Decaf library (this is the native library ActiveMQ-CPP uses for cross platform support).  The property you set tells the library where to find either the Broker's Certificate or the Certificate of the Authority that signed the broker's certificate.  If you are using the Failover Transport (which you should be) in conjunction with the SSL Transport then its best to set the property to point to the certificate that signed all your broker's certificates.  Here's what the code looks like:</p>

 <structured-macro ac:macro-id="f9f78a4d-7595-4914-843a-687c8868dfd4" ac:name="noformat" ac:schema-version="1"><plain-text-body>

 #include &lt;decaf/lang/System.h&gt;

 ...

 decaf::lang::System::setProperty( "decaf.net.ssl.trustStore", "&lt;path to Certificate file&gt;/certificate.pem" );

 </plain-text-body></structured-macro>

 <p>One thing to note here is that since we are using OpenSSL as our SSL Engine the Certificate needs to be in PEM format.</p></div>
	<div class="wiki-content maincontent"><p>The first thing you need to do in order to use the SSL Transport in ActiveMQ-CPP is to build the library with SSL support enabled, for that see the <link><page ri:content-title="Building FAQs"></page><link-body>Build FAQs</link-body></link>.</p>

	<p>Once you have a build that supports the SSL protocol then its pretty simple, just replace the use of the <em>TCP</em> Transport in your connection URI with SSL, for example: </p>

	<structured-macro ac:macro-id="52f589ed-9f33-48fd-967b-efabc07ffa0c" ac:name="noformat" ac:schema-version="1"><plain-text-body>
	tcp://broker1:61616
	</plain-text-body></structured-macro>

	<p>becomes:</p>

	<structured-macro ac:macro-id="859b73ed-9e01-48b7-86ce-19bcdab4acb2" ac:name="noformat" ac:schema-version="1"><plain-text-body>
	ssl://broker1:61616
	</plain-text-body></structured-macro>

	<p>You should note that in order to validate that the certificate that the broker sends is the one we want we must validate the "Common Name (CN)" field from the certificate against the host-name in the URI. If you have trouble connecting to the broker one of the first things to check it if your host-name matches the broker certificate common name.</p>

	<p>That's almost it, there's just a couple other things you need might need to do. The SSL transport needs to know whether or not to trust the certificate that the Broker sends to it, for this you need to set a property in the Decaf library (this is the native library ActiveMQ-CPP uses for cross platform support). The property you set tells the library where to find either the Broker's Certificate or the Certificate of the Authority that signed the broker's certificate. If you are using the Failover Transport (which you should be) in conjunction with the SSL Transport then its best to set the property to point to the certificate that signed all your broker's certificates. Here's what the code looks like:</p>

	<structured-macro ac:macro-id="f9f78a4d-7595-4914-843a-687c8868dfd4" ac:name="noformat" ac:schema-version="1"><plain-text-body>

	#include <decaf/lang/System.h>

	...

	decaf::lang::System::setProperty( "decaf.net.ssl.trustStore", "<path to Certificate file>/certificate.pem" );

	</plain-text-body></structured-macro>

	<p>One thing to note here is that since we are using OpenSSL as our SSL Engine the Certificate needs to be in PEM format.</p></div>