8.2.7. Enable SSL in Java Clients
- For both server and client authentication, import the trusted CA certificate into your trust store and keystore, and generate keys for them. Create a certificate request using the generated keys, and then create a certificate from that request. You can then import the signed certificate into your keystore. Pass the following arguments to the JVM when starting your client:
-Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks -Djavax.net.ssl.trustStorePassword=password
- For server-side authentication only, import the trusted CA certificate into your trust store and pass the following arguments to the JVM when starting your client:
-Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks -Djavax.net.ssl.trustStorePassword=password
- Java clients must set the SSL option in the connection URL to enable SSL encryption, as in the following example:
amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?ssl='true''
- If you need to debug problems in an SSL connection, enable Java's SSL debugging by passing the argument
-Djavax.net.debug=ssl
to the JVM when starting your client.
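The key store and trust store steps in the first item can be carried out with the JDK's keytool. The script below is an added example, not part of the original documentation: the aliases, distinguished names and the self-signed stand-in CA are constructed so that it runs offline, and the password is read from an assumed STORE_PASS environment variable.

```shell
#!/bin/sh
# Added example (not from the original page). Aliases, DNs and the stand-in CA
# are constructed; with a real CA, send client.csr to it instead of the [demo CA] steps.
set -eu

# make_client_stores DIR: builds DIR/keystore.jks and DIR/certstore.jks.
# The password is read from $STORE_PASS (keytool's :env modifier), not from argv.
make_client_stores() (
  cd "$1"
  sp="-storepass:env STORE_PASS"

  # [demo CA] self-signed CA key pair and its public certificate
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=Example Test CA" -ext bc:c -keystore ca.jks $sp -keypass:env STORE_PASS
  keytool -exportcert -rfc -alias ca -keystore ca.jks $sp -file ca.pem

  # Import the trusted CA into both the trust store and the key store
  for store in certstore.jks keystore.jks; do
    keytool -importcert -noprompt -alias ca -file ca.pem -keystore "$store" $sp
  done

  # Generate the client key pair, then a certificate request from it
  keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=bob" -keystore keystore.jks $sp -keypass:env STORE_PASS
  keytool -certreq -alias client -keystore keystore.jks $sp -file client.csr

  # [demo CA] create the certificate from the request
  keytool -gencert -rfc -alias ca -keystore ca.jks $sp -validity 365 \
    -infile client.csr -outfile client.pem

  # Import the signed certificate under the key's alias; keytool chains it
  # to the CA certificate already present in the key store
  keytool -importcert -noprompt -alias client -file client.pem -keystore keystore.jks $sp
)

# chain_length KEYSTORE ALIAS: prints the chain length (2 = client cert + CA)
chain_length() {
  LC_ALL=C keytool -list -v -alias "$2" -keystore "$1" -storepass:env STORE_PASS |
    sed -n 's/^Certificate chain length: //p'
}

if [ $# -eq 1 ]; then
  make_client_stores "$1"
  chain_length "$1/keystore.jks" client
fi
```

A chain length of 1 after the final import means the key store still holds the self-signed certificate rather than the CA-signed one.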