1.3. Preparing to use AMQ with SSL


Overview

This section gives a brief overview of how to secure A-MQ using SSL to run the clients with security features enabled. To setup SSL for server authentication, you require broker certificates and password configuration.
  • To generate a certificate for the amq broker, create a directory on your system to hold the generated files. For example, mkdir certificates_dir
  • To generate the certificates, navigate to the certificates directory and run the following command.
    keytool -genkey -alias broker -keyalg RSA -keystore broker.ks \ -storepass ${general_passwd} -dname "O=RedHat Inc.,CN=$(hostname)" \ -keypass ${general_passwd} -validity 99999
    where, general_passwd is the value of the password that you need to specify and hostname specify the hostname as per the settings on your system

Setting up A-MQ for listening to amqp+ssl connection

To enable server authentication, client authentication, and to skip SASL authentication, modify the activemq.xml file to include the authentication settings
  • For Server authentication, add the amqp+ssl connector to the list if transportConnectors in activemq.xml.
    <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671"/>
  • For Client authentication, add the amqp+ssl connector to the list if transportConnectors in activemq.xml
    <transportConnector name="amqp+ssl" uri="amqp+ssl://<hostname>:5671?needClientAuth=true"/>
  • For skip SASL authentication, enable the anonymous access property for the simpleAuthenticationPlugin in activemq.xml
    <simpleAuthenticationPlugin anonymousAccessAllowed="true"/>
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.