You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by Justin Bertram <jb...@apache.org> on 2018/05/07 17:53:59 UTC

Re: [ARTEMIS] core-client: DiscoveryGroup with mSSL TransportConfiguration

The DiscoveryGroup is used to listen for UDP-multicast broadcasts from a
broker's BroadcastGroup. The connector defined in the broker's
BroadcastGroup is what the client will use to connect to that broker. Of
course, this presents a problem for things that need to be configured
specifically for each client like SSL artifacts. To deal with this you can
use the traditional SSL system properties (i.e. javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore,
javax.net.ssl.trustStorePassword).


Justin

On Tue, Apr 24, 2018 at 11:28 AM, andrea.rizzini@gmail.com <
andrea.rizzini@gmail.com> wrote:

> Hi All,
>
> i have setup a cluster of artemis 2.5.0 in a shared-storage mode.
>
> I have create a simple java program which connects to the cluster when a
> failover event happens the client connects to the new elected master
> (transparently).
>
> This client has been  implemented using the artemis-core-client api.
> (DiscoveryGroupConfiguration, ActiveMQClient.createServerLocatorWithHA,
> ServerLocator, ClientSessionFactory, ClientSession)
>
> Because the communication from the client to the artemis server is
> unprotected i would like to enable the mSSL, mutual SSL. I have replicated
> the broker config and additional configuration (cert-user.properties,
> cert-role.properties, login.property, broker.xml) from artemis samples:
> "https://github.com/apache/activemq-artemis/tree/master/
> examples/features/standard/ssl-enabled"?
>
> But looking at the /ActiveMQClient.createServerLocatorWithHA/ i haven't
> found a method to create a serverLocator by using a custom
> DiscoveryGroupConfiguration and TransportConfiguration (where i would
> specify ssl paramters such as trustore + password and keystore + password.
>
> Does anyone have some pointers to achieve this?
>
> I would have thought that the UDP discovery group would allow the client to
> list the severs connection list and pick the right one?
>
> DiscoveryGroupConfiguration and TransportConfiguration  seems to be
> mutually
> esclusive, so how can i have a DiscoveryGroupConfiguration and then using
> MSSL when connecting to the artemis server?
>
> Regards
>
> Andrea
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>