<div class="wiki-content maincontent"><h3>The SSL Transport</h3><p>The SSL transport allows clients to connect to a remote ActiveMQ broker using SSL over a TCP socket.</p><h4>Configuration Syntax</h4><p><strong>ssl://hostname:port?transportOptions</strong></p><h4>Transport Options</h4><p>The configuration options from <link><page ri:content-title="TCP Transport Reference"></page><plain-text-link-body>TCP</plain-text-link-body></link> are relevant.</p><h4>Example URI</h4><structured-macro ac:macro-id="6c15c74e-ae37-4e27-8bd7-389c92691762" ac:name="noformat" ac:schema-version="1"><plain-text-body>ssl://localhost:61616?trace=false
</plain-text-body></structured-macro><h4>SSLServerSocket options</h4><p>From version 5.4 any <a shape="rect" href="http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLServerSocket.html">SSLServerSocket</a> option may be set on a TransportConnection via <strong>?transport.XXX</strong>, for example:</p><structured-macro ac:macro-id="da6558b0-9572-4e6f-8e5e-1af659b3305e" ac:name="noformat" ac:schema-version="1"><plain-text-body>ssl://localhost:61616?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
ssl://localhost:61616?transport.needClientAuth=true
</plain-text-body></structured-macro><h4>Client configuration</h4><p>JMS clients can simply use the <a shape="rect" href="http://activemq.apache.org/maven/5.9.0/apidocs/org/apache/activemq/ActiveMQSslConnectionFactory.html">ActiveMQSslConnectionFactory</a> together with an ssl:// broker URL, as the following Spring configuration illustrates:</p><structured-macro ac:macro-id="e66bf756-3630-49f9-9c18-a34f6c528232" ac:name="code" ac:schema-version="1"><parameter ac:name="">xml</parameter><plain-text-body>
&lt;bean id="AMQJMSConnectionFactory" class="org.apache.activemq.ActiveMQSslConnectionFactory"&gt;
  &lt;property name="trustStore" value="/path/to/truststore.ts" /&gt;
  &lt;property name="trustStorePassword" value="password" /&gt;
  &lt;property name="keyStore" value="/path/to/keystore.ks" /&gt;
  &lt;property name="keyStorePassword" value="password" /&gt;
  &lt;property name="brokerURL" value="ssl://localhost:61616" /&gt;
  &lt;property name="userName" value="admin" /&gt;
  &lt;property name="password" value="admin" /&gt;
&lt;/bean&gt;
</plain-text-body></structured-macro><p>Unless the broker's SSL transport is configured for transport.needClientAuth=true, the client won't need a keystore but requires a truststore in order to validate the broker's certificate.</p><p>Similar to the broker transport configuration, you can pass on SSL transport options using <strong>?socket.XXX</strong>, such as:</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4>Other Links</h4><ul><li><link><page ri:content-title="How do I use SSL"></page></link></li></ul><p>You can also turn on SSL debug information by adding the following JVM option:</p><structured-macro ac:macro-id="60cc214c-95c0-46ac-9d16-589497309ff5" ac:name="code" ac:schema-version="1"><plain-text-body>-Djavax.net.debug=ssl
</plain-text-body></structured-macro><p>This way you can see what goes wrong and why connections are being closed.</p><structured-macro ac:macro-id="ed0bb968-b677-4fef-8132-ce41c9fc8dce" ac:name="warning" ac:schema-version="1"><parameter ac:name="title">"Be careful with multicast discovery"</parameter><rich-text-body><p>If your XML configuration file contains the following and you wish to use SSL:</p><structured-macro ac:macro-id="ae3f1c52-2314-40b4-b23e-a8c9da458e4c" ac:name="code" ac:schema-version="1"><plain-text-body> &lt;networkConnector uri="multicast://default"/&gt;
</plain-text-body></structured-macro><p>Then you will currently need to comment that out. The reason is to prevent ActiveMQ from attempting to connect to itself: if it does this with a self-signed certificate, you will get a constant stream of certificate_unknown stack traces on the console, because the broker is not configured with the truststore.</p></rich-text-body></structured-macro></div>
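<p>The suites named in the enabledCipherSuites examples above use RC4, anonymous Diffie-Hellman and 3DES, none of which should be enabled on a production connector. The following Python script is an added example, not part of the ActiveMQ documentation; it audits ssl:// URIs for such suites in <strong>?transport.XXX</strong> and <strong>?socket.XXX</strong> options. The marker list and the name audit_uri are assumptions of this example, and the last sample URI is constructed.</p>

```python
from urllib.parse import urlsplit, parse_qs

# Substrings of JSSE cipher-suite names that mark a suite as unsuitable.
# This list is an assumption of the example, not an ActiveMQ setting.
WEAK_MARKERS = {
    "_anon_": "no certificate authentication (open to man-in-the-middle)",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_RC4_": "RC4 is prohibited for TLS (RFC 7465)",
    "_3DES_": "64-bit block cipher (Sweet32)",
    "_DES_": "single DES",
}


def audit_uri(uri):
    """Return (option, suite, reason) findings for one ssl:// transport URI."""
    parts = urlsplit(uri)
    findings = []
    if parts.scheme != "ssl":
        return findings
    for key, values in parse_qs(parts.query).items():
        prefix, _, option = key.partition(".")
        # Broker side uses transport.XXX, client side uses socket.XXX.
        if prefix not in ("transport", "socket") or option != "enabledCipherSuites":
            continue
        for value in values:
            for suite in (s.strip() for s in value.split(",")):
                for marker, reason in WEAK_MARKERS.items():
                    if marker in suite:
                        findings.append((key, suite, reason))
    return findings


# The first three URIs are taken from this page; the last one is constructed.
SAMPLE_URIS = [
    "ssl://localhost:61616?transport.enabledCipherSuites="
    "SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "ssl://localhost:61616?transport.needClientAuth=true",
    "ssl://localhost:61616?socket.enabledCipherSuites="
    "SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "ssl://localhost:61616?transport.enabledCipherSuites="
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        for option, suite, reason in audit_uri(uri):
            print(f"{uri}\n  {option}: {suite}: {reason}")
```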