The SSL TransportThe SSL transport allows clients to connect to a remote ActiveMQ broker using SSL over a TCP socket. Configuration Syntaxssl://hostname:port?transportOptions Transport OptionsThe configuration options from TCP are relevant. Example URIssl://localhost:61616?trace=false SSLServerSocket optionsFrom version 5.4 any SSLServerSocket option may be set on a TransportConnection via ?transport.XXX, for example: ssl://localhost:61616?transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ssl://localhost:61616?transport.needClientAuth=true
Client configurationJMS clients can simply use the ActiveMQSslConnectionFactory together with an ssl:// broker url as the following Spring configuration illustrates <bean id="AMQJMSConnectionFactory" class="org.apache.activemq.ActiveMQSslConnectionFactory"> <property name="trustStore" value="/path/to/truststore.ts" /> <property name="trustStorePassword" value="password" /> <property name="keyStore" value="/path/to/keystore.ks" /> <property name="keyStorePassword" value="password" /> <property name="brokerURL" value="ssl://localhost:61616" /> <property name="userName" value="admin" /> <property name="password" value="admin" /> </bean> Unless the broker's SSL transport is configured for transport.needClientAuth=true, the client won't need a keystore but requires a truststore in order to validate the broker's certificate. Similar to the broker transport configuration you can pass on SSL transport options using ?socket.XXX, such as ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA Other LinksYou can also turn on SSL debug informations this way by adding: -Djavax.net.debug=ssl this way you can see what goes wrong and why you get connections closed. "Be careful with multicast discovery" If your XML configuration file contains the following and you wish to use SSL <networkConnector uri="multicast://default"/> Then you will currently need to comment that out. |