8.2.7. Enable SSL in Java Clients

For both server and client authentication, import the trusted CA to your trust store and keystore and generate keys for them. Create a certificate request using the generated keys and then create a certificate using the request. You can then import the signed certificate into your keystore. Pass the following arguments to the Java JVM when starting your client:
```
-Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks
-Djavax.net.ssl.trustStorePassword=password
```
For server side authentication only, import the trusted CA to your trust store and pass the following arguments to the Java JVM when starting your client:
```
-Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks
-Djavax.net.ssl.trustStorePassword=password
```
Java clients must use the SSL option in the connection URL to enable SSL encryption, per the following example.
```
amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?ssl='true''
```
If you need to debug problems in an SSL connection, enable Java's SSL debugging by passing the argument -Djavax.net.debug=ssl to the Java JVM when starting your client.

See Also:

Report a bug