
Appendix A. Managing certificates


A.1. Installing certificate authority certificates

SSL/TLS authentication relies on digital certificates issued by trusted Certificate Authorities (CAs). When an SSL/TLS connection is established by a client, the AMQP peer sends a server certificate to the client. This server certificate must be signed by one of the CAs in the client’s Trusted Root Certification Authorities certificate store.

If the user is creating self-signed certificates for use by Red Hat AMQ Broker, then the user must create a CA to sign the certificates. Then the user can enable the client SSL/TLS handshake by installing the self-signed CA file ca.crt.

  1. From an administrator command prompt, run the MMC Certificate Manager plugin, certmgr.msc.
  2. Expand the Trusted Root Certification Authorities folder on the left to expose Certificates.
  3. Right-click Certificates and select All Tasks and then Import.
  4. Click Next.
  5. Browse to select file ca.crt.
  6. Click Next.
  7. Select Place all certificates in the following store.
  8. Select certificate store Trusted Root Certification Authorities.
  9. Click Next.
  10. Click Finish.

For more information about installing certificates, see Managing Microsoft Certificate Services and SSL.

A.2. Installing client certificates

To use SSL/TLS with client certificates, the certificates with the client’s private keys must be imported into the proper certificate store on the client system.

  1. From an administrator command prompt, run the MMC Certificate Manager plugin, certmgr.msc.
  2. Expand the Personal folder on the left to expose Certificates.
  3. Right-click Certificates and select All Tasks and then Import.
  4. Click Next.
  5. Click Browse.
  6. In the file type pulldown, select Personal Information Exchange (*.pfx;*.p12).
  7. Select file client.p12 and click Open.
  8. Click Next.
  9. Enter the password for the private key in the password field. Accept the default import options.
  10. Click Next.
  11. Select Place all certificates in the following store.
  12. Select certificate store Personal.
  13. Click Next.
  14. Click Finish.
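
A scripted equivalent of the wizard steps in A.1 and A.2, given here as an added PowerShell example that is not part of the Red Hat documentation or SDK. It assumes the current-user stores (the ones certmgr.msc displays), that client.p12 was signed by the same CA as ca.crt, and a hypothetical -ExpectedCaThumbprint parameter holding the CA thumbprint obtained out of band.

```powershell
# Added example (not Red Hat code): scripted form of the A.1 and A.2 import wizards.
param(
    [string]$CaFile    = '.\ca.crt',
    [string]$ClientPfx = '.\client.p12',
    # Assumption: thumbprint of ca.crt, obtained out of band from whoever created the CA.
    [Parameter(Mandatory)][string]$ExpectedCaThumbprint
)
$ErrorActionPreference = 'Stop'

# Inspect ca.crt before trusting it: a certificate in the Root store can vouch
# for any server this user connects to, not only the AMQP peer.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $CaFile).Path
$want = ($ExpectedCaThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($ca.Thumbprint -ne $want) {
    throw "ca.crt thumbprint $($ca.Thumbprint) does not match the expected value"
}
if ($ca.NotAfter -lt (Get-Date)) { throw "ca.crt expired on $($ca.NotAfter)" }

# A.1: import into Trusted Root Certification Authorities (current user).
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# A.2: import into Personal (current user). Without -Exportable the private
# key is stored as non-exportable.
$password = Read-Host -AsSecureString -Prompt "Password for $ClientPfx"
$client = Import-PfxCertificate -FilePath $ClientPfx `
            -CertStoreLocation Cert:\CurrentUser\My -Password $password |
          Where-Object HasPrivateKey | Select-Object -First 1
if (-not $client) { throw "$ClientPfx contained no certificate with a private key" }

# Confirm the client certificate now chains to a trusted root. Revocation
# checking is disabled on the assumption that a self-signed CA publishes no CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($client)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation)" }
    throw 'Client certificate does not chain to a trusted root'
}

"Installed CA     $($ca.Subject) [$($ca.Thumbprint)]"
"Installed client $($client.Subject) [$($client.Thumbprint)] valid until $($client.NotAfter)"
```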

A.3. Hello World using client certificates

Before a client will return a certificate to the broker, the AMQ .NET library must be told which certificates to use. The client certificate file client.crt is added to the list of certificates to be used during SChannel connection startup.

factory.SSL.ClientCertificates.Add(
    X509Certificate.CreateFromCertFile(certfile)
    );

In this example, certfile is the full path to the client.p12 certificate installed in the Personal certificate store. A complete example is found in HelloWorld-client-certs.cs. This source file and the supporting project files are available in the SDK.

© 2024 Red Hat, Inc.