1.3. Preparing to use AMQ with SSL
Overview
This section gives a brief overview of how to secure A-MQ using SSL to run the clients with security features enabled. To set up SSL for server authentication, you require broker certificates and password configuration.
- To generate a certificate for the amq broker, create a directory on your system to hold the generated files. For example, mkdir certificates_dir
- To generate the certificates, navigate to the certificates directory and run the following command.
  keytool -genkey -alias broker -keyalg RSA -keystore broker.ks \
      -storepass ${general_passwd} -dname "O=RedHat Inc.,CN=$(hostname)" \
      -keypass ${general_passwd} -validity 99999
  where general_passwd is the value of the password that you need to specify and hostname specifies the hostname as per the settings on your system.
Setting up A-MQ for listening to amqp+ssl connection
To enable server authentication, client authentication, and to skip SASL authentication, modify the activemq.xml file to include the authentication settings.
- For Server authentication, add the amqp+ssl connector to the list of transportConnectors in activemq.xml.
  <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671"/>
- For Client authentication, add the amqp+ssl connector to the list of transportConnectors in activemq.xml.
  <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671?needClientAuth=true"/>
- To skip SASL authentication, enable the anonymous access property for the simpleAuthenticationPlugin in activemq.xml.
  <simpleAuthenticationPlugin anonymousAccessAllowed="true"/>
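The three settings above interact: with anonymousAccessAllowed="true" and no needClientAuth=true on the connector, the broker accepts clients that present neither a certificate nor SASL credentials. The following check is an added example, not part of the A-MQ documentation or product. It audits an activemq.xml for that combination. The function name audit_activemq, the sample XML and the host broker.example.com are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample; broker.example.com stands in for the page's <hostname>.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="amq">
    <plugins>
      <simpleAuthenticationPlugin anonymousAccessAllowed="true"/>
    </plugins>
    <transportConnectors>
      <transportConnector name="amqp+ssl" uri="amqp+ssl://broker.example.com:5671{query}"/>
    </transportConnectors>
  </broker>
</beans>"""
SERVER_AUTH_ONLY = TEMPLATE.format(query="")
CLIENT_AUTH = TEMPLATE.format(query="?needClientAuth=true")


def audit_activemq(xml_text):
    """Return the amqp+ssl connectors, the anonymous-access flag and findings."""
    connectors, anonymous = [], False
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if tag == "transportConnector":
            uri = urlsplit(el.get("uri", ""))
            if uri.scheme == "amqp+ssl":
                opts = parse_qs(uri.query)
                need = opts.get("needClientAuth", ["false"])[-1].lower() == "true"
                connectors.append({"name": el.get("name"), "port": uri.port,
                                   "needClientAuth": need})
        elif tag == "simpleAuthenticationPlugin":
            anonymous = el.get("anonymousAccessAllowed", "false").lower() == "true"
    findings = []
    if not connectors:
        findings.append("no amqp+ssl transportConnector is defined")
    for c in connectors:
        if anonymous and not c["needClientAuth"]:
            findings.append(f"{c['name']}:{c['port']} accepts clients with neither "
                            "a certificate nor SASL credentials")
    return {"connectors": connectors, "anonymous": anonymous, "findings": findings}


if __name__ == "__main__":
    for label, xml_text in (("server auth only", SERVER_AUTH_ONLY),
                            ("client auth", CLIENT_AUTH)):
        print(label, audit_activemq(xml_text)["findings"])
```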