| <!DOCTYPE html> |
| <!-- |
| - |
| - Licensed to the Apache Software Foundation (ASF) under one |
| - or more contributor license agreements. See the NOTICE file |
| - distributed with this work for additional information |
| - regarding copyright ownership. The ASF licenses this file |
| - to you under the Apache License, Version 2.0 (the |
| - "License"); you may not use this file except in compliance |
| - with the License. You may obtain a copy of the License at |
| - |
| - http://www.apache.org/licenses/LICENSE-2.0 |
| - |
| - Unless required by applicable law or agreed to in writing, |
| - software distributed under the License is distributed on an |
| - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| - KIND, either express or implied. See the License for the |
| - specific language governing permissions and limitations |
| - under the License. |
| - |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> |
| <head> |
| <title>7.11. Keystores - Apache Qpid™</title> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> |
| <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> |
| <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> |
| <script type="text/javascript">var _deferredFunctions = [];</script> |
| <script type="text/javascript" src="/deferred.js" defer="defer"></script> |
| <!--[if lte IE 8]> |
| <link rel="stylesheet" href="/ie.css" type="text/css"/> |
| <script type="text/javascript" src="/html5shiv.js"></script> |
| <![endif]--> |
| |
| <!-- Redirects for `go get` and godoc.org --> |
| <meta name="go-import" |
| content="qpid.apache.org git https://gitbox.apache.org/repos/asf/qpid-proton.git"/> |
| <meta name="go-source" |
| content="qpid.apache.org |
| https://github.com/apache/qpid-proton/blob/go1/README.md |
| https://github.com/apache/qpid-proton/tree/go1{/dir} |
| https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> |
| </head> |
| <body> |
| <div id="-content"> |
| <div id="-top" class="panel"> |
| <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> |
| |
| <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> |
| |
| <ul id="-global-navigation"> |
| <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> |
| <li><a href="/documentation.html">Documentation</a></li> |
| <li><a href="/download.html">Download</a></li> |
| <li><a href="/discussion.html">Discussion</a></li> |
| </ul> |
| </div> |
| |
| <div id="-menu" class="panel" style="display: none;"> |
| <div class="flex"> |
| <section> |
| <h3>Project</h3> |
| |
| <ul> |
| <li><a href="/overview.html">Overview</a></li> |
| <li><a href="/components/index.html">Components</a></li> |
| <li><a href="/releases/index.html">Releases</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Messaging APIs</h3> |
| |
| <ul> |
| <li><a href="/proton/index.html">Qpid Proton</a></li> |
| <li><a href="/components/jms/index.html">Qpid JMS</a></li> |
| <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Servers and tools</h3> |
| |
| <ul> |
| <li><a href="/components/broker-j/index.html">Broker-J</a></li> |
| <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> |
| <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Resources</h3> |
| |
| <ul> |
| <li><a href="/dashboard.html">Dashboard</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> |
| <li><a href="/resources.html">More resources</a></li> |
| </ul> |
| </section> |
| </div> |
| </div> |
| |
| <div id="-search" class="panel" style="display: none;"> |
| <form action="http://www.google.com/search" method="get"> |
| <input type="hidden" name="sitesearch" value="qpid.apache.org"/> |
| <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> |
| <button type="submit">Search</button> |
| <a href="/search.html">More ways to search</a> |
| </form> |
| </div> |
| |
| <div id="-middle" class="panel"> |
| <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-broker-j-7.1.9/index.html">Qpid Broker-J 7.1.9</a></li><li><a href="/releases/qpid-broker-j-7.1.9/book/index.html">Apache Qpid Broker-J</a></li><li>7.11. Keystores</li></ul> |
| |
| <div id="-middle-content"> |
| <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">7.11. Keystores</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Management-Managing-Authentication-Providers.html">Prev</a> </td><th align="center" width="60%">Chapter 7. Managing Entities</th><td align="right" width="20%"> <a accesskey="n" href="Java-Broker-Management-Managing-Truststores.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Management-Managing-Keystores"></a>7.11. Keystores</h2></div></div></div><p>A <a class="link" href="Java-Broker-Concepts-Other-Services.html#Java-Broker-Concepts-Keystores" title="4.10.3. Keystores">Keystore</a> is required by a Port in |
| order to use SSL for messaging and/or management.</p><p>The Broker supports a number of different keystore types. These are described |
| below.</p><p>The key material may be held by the Broker itself (held inline within the configuration) |
| or you may use references to files on the server's file system. Whichever mechanism is |
| chosen it is imperative to ensure that private key material remains confidential.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Management-Managing-Keystores-Types"></a>7.11.1. Types</h3></div></div></div><p>The following keystore types are supported. </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>File Key Store</em></span>. This type accepts the standard JKS |
| keystore format undertood by Java and Java tools such as <a class="link" href="http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html" target="_top">keytool</a>.</p><p>If the keystore contains multiple keys, it is possible to indicate which |
| certificate is to be used by specifying an alias. If no alias is specified |
| the first certificate found in the keystore will be used.</p></li><li class="listitem"><p><span class="emphasis"><em>Non Java Key Store</em></span>. A Non Java Keystore accepts key |
| material in PEM and DER file formats. With this store type it is necessary |
| to provide the private key, which must not be protected by password, |
| certificate and optionally a file containing intermediate |
| certificates.</p></li><li class="listitem"><p><span class="emphasis"><em>Auto Generated Self Signed</em></span> has the ability to |
| generate a self signed certificate and produce a truststore |
| suitable for use by an application using the Apache Qpid JMS and Apache Qpid JMS AMQP 0-x clients.</p><p>The use of self signed certficates is not recommended for production |
| use.</p></li></ul></div><p> |
| </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Management-Managing-Keystores-Attributes"></a>7.11.2. Attributes</h3></div></div></div><p> |
| </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>Name the keystore</em></span>. Used to identify the |
| keystore.</p></li></ul></div><p> |
| </p><p>The following attributes apply to <span class="emphasis"><em>File Key Stores</em></span> only.</p><p> |
| </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>Keystore path</em></span>. File Key Stores only. Path to keystore |
| file</p></li><li class="listitem"><p><span class="emphasis"><em>Keystore password</em></span>. Password used to secure the keystore</p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p> The password of the certificate used by the Broker <span class="bold"><strong>must</strong></span> match the password of the keystore |
| itself. This is a restriction of the Broker implementation. If |
| using the <a class="link" href="http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html" target="_top">keytool</a> utility, note |
| that this means the argument to the <code class="option">-keypass</code> option |
| must match the <code class="option">-storepass</code> option. </p></div></li><li class="listitem"><p><span class="emphasis"><em>Certificate Alias</em></span>. An optional way of specifying |
| which certificate the broker should use if the keystore contains multiple |
| entries.</p></li><li class="listitem"><p><span class="emphasis"><em>Manager Factory Algorithm</em></span>.In keystores the have more |
| than one certificate, the alias identifies the certificate to be |
| used.</p></li><li class="listitem"><p><span class="emphasis"><em>Key Store Type</em></span>. Type of Keystore.</p></li><li class="listitem"><p><span class="emphasis"><em>Use SNI host name matching</em></span>. If selected, SNI server name from |
| an SSL handshake will be used to select the most appropriate certificate |
| by matching an indicated hostname with the certificate hostname specified in subject or |
| subject alternatives as CN or DC.</p></li></ul></div><p> |
| </p><p>The following attributes apply to <span class="emphasis"><em>Non Java Key Stores</em></span> |
| only.</p><p> |
| </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>Private Key</em></span>. The private key in DER or PEM format. |
| This file must not be password protected.</p></li><li class="listitem"><p><span class="emphasis"><em>Certificate</em></span>. The cerificate in DER or PEM |
| format.</p></li><li class="listitem"><p><span class="emphasis"><em>Intermediates Certificates </em></span>. Optional. Intermediate |
| cerificates in PEM or DER format.</p></li></ul></div><p> |
| </p><p>The following attributes apply to <span class="emphasis"><em>Auto Generated Self Signed</em></span> |
| only.</p><p> |
| </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>Algorithm</em></span>. Optional. Algorithm used to generate the |
| self-signed certificate.</p></li><li class="listitem"><p><span class="emphasis"><em>Signature Algorithm </em></span>. Optional. The name of signature |
| algorithm.</p></li><li class="listitem"><p><span class="emphasis"><em>Key Length</em></span>. Optional. Length of the key in |
| bits.</p></li><li class="listitem"><p><span class="emphasis"><em>Duration</em></span>. Optional. Validility period in |
| months.</p></li></ul></div><p> |
| </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Management-Managing-Keystores-Children"></a>7.11.3. Children</h3></div></div></div><p>None</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Management-Managing-Keystores-Lifecycle"></a>7.11.4. Lifecycle</h3></div></div></div><p>Not supported</p></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Management-Managing-Authentication-Providers.html">Prev</a> </td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Management-Managing-Entities.html">Up</a></td><td align="right" width="40%"> <a accesskey="n" href="Java-Broker-Management-Managing-Truststores.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">7.10. Authentication Providers </td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%"> 7.12. Truststores</td></tr></table></div></div> |
| |
| <hr/> |
| |
| <ul id="-apache-navigation"> |
| <li><a href="http://www.apache.org/">Apache</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> |
| <li><a href="/security.html">Security</a></li> |
| <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> |
| </ul> |
| |
| <p id="-legal"> |
| Apache Qpid, Messaging built on AMQP; Copyright © 2015 |
| The Apache Software Foundation; Licensed under |
| the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache |
| License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, |
| Proton, Apache, the Apache feather logo, and the Apache Qpid |
| project logo are trademarks of The Apache Software |
| Foundation; All other marks mentioned may be trademarks or |
| registered trademarks of their respective owners |
| </p> |
| </div> |
| </div> |
| </div> |
| </body> |
| </html> |
