3.4. Setting up SSL for A-MQ

download PDF

ActiveMQ includes key and trust stores that reference a dummy self signed certificate.
To install and configure SSL support for A-MQ, you need to create a keystore file to store the server's private key and self-signed certificate and uncomment the SSL HTTP/1.1 Connector entry in conf/server.xml.
When you create a broker certificate and trust stores for your installation, either overwrite the values in the conf directory or delete the existing dummy key and trust stores so they do not interfere.

Starting the Broker with SSL

To start the broker, use the > and system properties
  1. Set the SSL_OPTS environment variable so that it knows to use the broker keystore. <export SSL_OPTS =
    Alternately, you can set the system properties in the broker configuration file.
To configure the security context in the broker configuration file, follow the instructions below:
  • In the conf/activemq.xml, edit the attributes in the sslContext element.
  • Set the values for KeyStore, Key StorePassword, truststore, trustStorePassword.
          <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
equivalent to setting
equivalent to setting
equivalent to setting
defaults to JKS
equivalent to setting
equivalent to setting
equivalent to setting

Verifying Client Certificates

To verify client certificates, follow the below instructions:
  • Export the client's certificate to share it with the broker. keytool -export -alias client -keystore client.ks -file client_cert
  • Create a truststore for the broker and import the client's certificate. This ensures that the broker trusts the client.
    keytool -import -alias client -keystore broker.ts -file client_cert
  • Add system property to SSL_OPTS
  • Instruct ActiveMQ to require client authentication by setting the following in activemq.xml.
      <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true"/>
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.