You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by akshattandon <ak...@gmail.com> on 2014/08/13 13:29:27 UTC
Securing JMS queque
Hi
I am facing an issue while configuring ssl for JMS on apache service mix ,
I have configured the broker in its blueprint file
<bean id="jms" class="org.apache.camel.component.jms.JmsComponent">
<property name="connectionFactory">
<bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
<property name="trustStore" value="C:/client.ts" />
<property name="trustStorePassword" value="abc" />
<property name="keyStore" value="C:/broker.ks" />
<property name="keyStorePassword" value="password" />
<property name="brokerURL"
value="nio+ssl://localhost:61617?trace=true" />
<property name="userName" value="smx" />
<property name="password" value="smx" />
</bean>
</property>
</bean>
along with it i have configured activemq.xml with following entries
<sslContext>
<sslContext
keyStore="C:/broker.ks" keyStorePassword="abc"
trustStore="C:/client.ts" trustStorePassword="abc" />
</sslContext>
<transportConnectors>
<transportConnector name="openwire"
uri="nio+ssl://localhost:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
</transportConnectors>
the broker is started sucessfully and started publishing on
Publishing: nio+ssl://127.0.0.1:61617 for broker transport URI:
nio+ssl://127.0.0.1:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600
but somehow connections are created on tcp
and being displayed like following
tcp://127.0.0.1:49881
can someone guide us how to make the connection as ssl as well
--
View this message in context: http://activemq.2283324.n4.nabble.com/Securing-JMS-queque-tp4684509.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Securing JMS queque
Posted by artnaseef <ar...@artnaseef.com>.
One question - where is the tcp:// address "seen"?
As long as there are no "tcp:" nor "nio:" transports configured on the
broker, there is no way for a client to connect without SSL. If they try,
the server logs an error about improper SSL handshake and suggests a
"plain-text" connection was attempted.
Check the webconsole or via JMX to confirm the only connector is the nio+ssl
connector.
On the client side, make sure all clients use ssl:// for the URL.
--
View this message in context: http://activemq.2283324.n4.nabble.com/Securing-JMS-queque-tp4684509p4684967.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Securing JMS queque
Posted by Matt Pavlovich <ma...@gmail.com>.
This "tcp://127.0.0.1:49881” looks like the client-side port, which is standard for TCP/IP client-server traffic. If you have confirmed that messages are moving, than you should feel confident that SSL is working. if you want to validate with complete certainty, open a network sniffer and you should see the traffic is encrypted.
On Aug 13, 2014, at 6:29 AM, akshattandon <ak...@gmail.com> wrote:
> Hi
>
> I am facing an issue while configuring ssl for JMS on apache service mix ,
>
> I have configured the broker in its blueprint file
>
> <bean id="jms" class="org.apache.camel.component.jms.JmsComponent">
> <property name="connectionFactory">
> <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
> <property name="trustStore" value="C:/client.ts" />
> <property name="trustStorePassword" value="abc" />
> <property name="keyStore" value="C:/broker.ks" />
> <property name="keyStorePassword" value="password" />
> <property name="brokerURL"
> value="nio+ssl://localhost:61617?trace=true" />
> <property name="userName" value="smx" />
> <property name="password" value="smx" />
> </bean>
> </property>
> </bean>
>
> along with it i have configured activemq.xml with following entries
>
> <sslContext>
> <sslContext
> keyStore="C:/broker.ks" keyStorePassword="abc"
> trustStore="C:/client.ts" trustStorePassword="abc" />
> </sslContext>
> <transportConnectors>
>
> <transportConnector name="openwire"
> uri="nio+ssl://localhost:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
> </transportConnectors>
>
>
> the broker is started sucessfully and started publishing on
> Publishing: nio+ssl://127.0.0.1:61617 for broker transport URI:
> nio+ssl://127.0.0.1:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600
>
> but somehow connections are created on tcp
> and being displayed like following
>
> tcp://127.0.0.1:49881
>
>
> can someone guide us how to make the connection as ssl as well
>
>
>
>
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Securing-JMS-queque-tp4684509.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.