Red Hat AMQ 6
As of February 2025, Red Hat is no longer supporting Red Hat AMQ 6. If you are using AMQ 6, please upgrade: Migrating to AMQ 7.1.3. Preparing to use AMQ with SSL
Overview
Copy linkLink copied to clipboard!
				This section gives a brief overview of how to secure A-MQ using SSL to run the clients with security features enabled. To setup SSL for server authentication, you require broker certificates and password configuration.
			
- To generate a certificate for the amq broker, create a directory on your system to hold the generated files. For example, mkdir certificates_dir
- To generate the certificates, navigate to the certificates directory and run the following command.keytool -genkey -alias broker -keyalg RSA -keystore broker.ks \ -storepass ${general_passwd} -dname "O=RedHat Inc.,CN=$(hostname)" \ -keypass ${general_passwd} -validity 99999keytool -genkey -alias broker -keyalg RSA -keystore broker.ks \ -storepass ${general_passwd} -dname "O=RedHat Inc.,CN=$(hostname)" \ -keypass ${general_passwd} -validity 99999Copy to Clipboard Copied! Toggle word wrap Toggle overflow where,general_passwdis the value of the password that you need to specify andhostnamespecify the hostname as per the settings on your system
Setting up A-MQ for listening to amqp+ssl connection 
Copy linkLink copied to clipboard!
				To enable server authentication, client authentication, and to skip SASL authentication, modify the 
activemq.xml file to include the authentication settings
			- For Server authentication, add the amqp+ssl connector to the list iftransportConnectorsinactivemq.xml.<transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671"/> <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671"/>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- For Client authentication, add the amqp+ssl connector to the list iftransportConnectorsinactivemq.xml<transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671?needClientAuth=true"/> <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671?needClientAuth=true"/>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- For skip SASL authentication, enable the anonymous access property for thesimpleAuthenticationPlugininactivemq.xml<simpleAuthenticationPlugin anonymousAccessAllowed="true"/> <simpleAuthenticationPlugin anonymousAccessAllowed="true"/>Copy to Clipboard Copied! Toggle word wrap Toggle overflow