LibraryToggle FramesPrintFeedback

Setting Security Context for the Openwire/SSL Protocol

Overview

Apart from configuration using JSSE system properties, the Openwire/SSL protocol (with schema, ssl:) also supports an option to set its SSL security context using the broker configuration file.

[Note]Note

The methods for setting the security context described in this section are available exclusively for the Openwire/SSL protocol. These features are not supported by the HTTPS protocol.

Setting security context in the broker configuration file

To configure the Openwire/SSL security context in the broker configuration file, edit the attributes in the sslContext element. For example, the default broker configuration file, conf/activemq.xml, includes the following entry:

<beans ...>
    ...
    <broker ...>
        <sslContext>
            <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
                        keyStorePassword="password"
                        trustStore="file:${activemq.base}/conf/broker.ts"
                        trustStorePassword="password"/>
        </sslContext>
        ...
    </broker>
    ...
</beans>

Where the activemq.base property is defined in the activemq[.bat|.sh] script. You can specify any of the following sslContext attributes:

  • keyStore—equivalent to setting javax.net.ssl.keyStore.

  • keyStorePassword—equivalent to setting javax.net.ssl.keyStorePassword.

  • keyStoreType—equivalent to setting javax.net.ssl.keyStoreType.

  • keyStoreAlgorithm—defaults to JKS.

  • trustStore—equivalent to setting javax.net.ssl.trustStore.

  • trustStorePassword—equivalent to setting javax.net.ssl.trustStorePassword.

  • trustStoreType—equivalent to setting javax.net.ssl.trustStoreType.

Comments powered by Disqus