Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

3.4. Setting up SSL for A-MQ

Link kopieren

ActiveMQ includes key and trust stores that reference a dummy self signed certificate.
To install and configure SSL support for A-MQ, you need to create a keystore file to store the server's private key and self-signed certificate and uncomment the SSL HTTP/1.1 Connector entry in conf/server.xml.
Note
When you create a broker certificate and trust stores for your installation, either overwrite the values in the conf directory or delete the existing dummy key and trust stores so they do not interfere.

Starting the Broker with SSL
Link kopieren

To start the broker, use the >javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties
  1. Set the SSL_OPTS environment variable so that it knows to use the broker keystore. <export SSL_OPTS = -Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password
    Alternately, you can set the system properties in the broker configuration file.
To configure the security context in the broker configuration file, follow the instructions below:
  • In the conf/activemq.xml, edit the attributes in the sslContext element.
  • Set the values for KeyStore, Key StorePassword, truststore, trustStorePassword. 
    <beans>
  <broker>
    <sslContext>
      <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
        keyStorePassword="password"
        trustStore="file:${activemq.base}/conf/broker.ts"
        trustStorePassword="password"/>
     </sslContext>
  </broker>
</beans>
    Copy to Clipboard Toggle word wrap
keyStore
equivalent to setting javax.net.ssl.keyStore
keyStorePassword
equivalent to setting javax.net.ssl.keyStorePassword
keyStoreType
equivalent to setting javax.net.ssl.keyStoreType
keyStoreAlgorithm
defaults to JKS
trustStore
equivalent to setting javax.net.ssl.trustStore
trustStorePassword
equivalent to setting javax.net.ssl.trustStorePassword
trustStoreType
equivalent to setting javax.net.ssl.trustStoreType

Verifying Client Certificates
Link kopieren

To verify client certificates, follow the below instructions:
  • Export the client's certificate to share it with the broker. keytool -export -alias client -keystore client.ks -file client_cert
  • Create a truststore for the broker and import the client's certificate. This ensures that the broker trusts the client. 
    keytool -import -alias client -keystore broker.ts -file client_cert
    Copy to Clipboard Toggle word wrap
  • Add javax.net.ssl.trustStore system property to SSL_OPTS Djavax.net.ssl.trustStore=/path/to/broker.ts
  • Instruct ActiveMQ to require client authentication by setting the following in activemq.xml. 
    <transportConnectors>
  <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true"/>
</transportConnectors>
    Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat