Posted to users@activemq.apache.org by akshattandon <ak...@gmail.com> on 2014/08/13 13:29:27 UTC

Securing JMS queue

Hi,

I am facing an issue while configuring SSL for JMS on Apache ServiceMix.

I have configured the broker in its blueprint file:

<bean id="jms" class="org.apache.camel.component.jms.JmsComponent">
    <property name="connectionFactory">
        <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
            <property name="trustStore" value="C:/client.ts" />
            <property name="trustStorePassword" value="abc" />
            <property name="keyStore" value="C:/broker.ks" />
            <property name="keyStorePassword" value="password" />
            <property name="brokerURL" value="nio+ssl://localhost:61617?trace=true" />
            <property name="userName" value="smx" />
            <property name="password" value="smx" />
        </bean>
    </property>
</bean>

Along with it, I have configured activemq.xml with the following entries:

<sslContext>
    <sslContext
        keyStore="C:/broker.ks" keyStorePassword="abc"
        trustStore="C:/client.ts" trustStorePassword="abc" />
</sslContext>
<transportConnectors>
    <transportConnector name="openwire"
        uri="nio+ssl://localhost:61617?trace=true&amp;needClientAuth=true&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>


The broker started successfully and started publishing on
Publishing: nio+ssl://127.0.0.1:61617 for broker transport URI:
nio+ssl://127.0.0.1:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600

But somehow connections are created on tcp
and are displayed like the following:

tcp://127.0.0.1:49881	


Can someone guide us on how to make the connection use SSL as well?

--
View this message in context: http://activemq.2283324.n4.nabble.com/Securing-JMS-queque-tp4684509.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Securing JMS queue

Posted by artnaseef <ar...@artnaseef.com>.
One question - where is the tcp:// address "seen"?

As long as there are no "tcp:" or "nio:" transports configured on the
broker, there is no way for a client to connect without SSL.  If they try,
the server logs an error about improper SSL handshake and suggests a
"plain-text" connection was attempted.

Check via the web console or JMX to confirm that the only connector is the
nio+ssl connector.

On the client side, make sure all clients use ssl:// for the URL.



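The connector check suggested in the reply above can also be done straight from the broker configuration. This is an added example, not part of the original thread or of ActiveMQ itself: it lists every transportConnector in an activemq.xml and flags those whose URI scheme has no TLS component. The sample XML is constructed; its "legacy" tcp connector is hypothetical and is there only to show a finding.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the poster's nio+ssl connector plus a hypothetical
# leftover plain-text connector named "legacy".
SAMPLE_ACTIVEMQ_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire"
        uri="nio+ssl://localhost:61617?trace=true&amp;needClientAuth=true&amp;maximumConnections=1000"/>
      <transportConnector name="legacy" uri="tcp://0.0.0.0:61616"/>
    </transportConnectors>
  </broker>
</beans>"""

# Schemes that imply TLS without an explicit "ssl" component.
TLS_SCHEMES = {"https", "wss"}


def audit_connectors(xml_text):
    """Return (name, scheme, uses_tls, need_client_auth) per transportConnector."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local tag name so the check works with or without a namespace.
        if elem.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue
        uri = urlsplit(elem.get("uri", ""))
        scheme = uri.scheme.lower()
        # "nio+ssl", "ssl", "stomp+ssl" and similar all carry an "ssl" component.
        uses_tls = "ssl" in scheme.split("+") or scheme in TLS_SCHEMES
        opts = parse_qs(uri.query)
        flag = opts.get("needClientAuth") or opts.get("transport.needClientAuth") or ["false"]
        results.append((elem.get("name"), scheme, uses_tls, flag[0].lower() == "true"))
    return results


def plaintext_connectors(xml_text):
    """Names of connectors a client could reach without TLS."""
    return [name for name, _, uses_tls, _ in audit_connectors(xml_text) if not uses_tls]


if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_ACTIVEMQ_XML):
        print(row)
    print("plain-text connectors:", plaintext_connectors(SAMPLE_ACTIVEMQ_XML))
```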

Re: Securing JMS queue

Posted by Matt Pavlovich <ma...@gmail.com>.
This "tcp://127.0.0.1:49881" looks like the client-side port, which is standard for TCP/IP client-server traffic. If you have confirmed that messages are moving, then you should feel confident that SSL is working. If you want to validate with complete certainty, open a network sniffer and you should see the traffic is encrypted.

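What the sniffer check looks like in practice, as an added example that is not part of the original thread: given the first payload bytes of each captured connection, it tells a TLS record apart from a plain-text OpenWire frame. The byte strings are constructed, the second flow and its port 61616 are hypothetical, and the OpenWire test assumes the opening WireFormatInfo frame layout (4-byte length, type byte 1, magic "ActiveMQ").

```python
import struct

TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_TLS_RECORD = 16384 + 2048  # upper bound on a TLS record body


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first TCP payload seen on a broker connection."""
    if len(payload) >= 5:
        # TLS record header: content type, version major/minor, body length.
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
                and 0 < length <= MAX_TLS_RECORD):
            return "tls:" + TLS_CONTENT_TYPES[ctype]
    # Assumed OpenWire layout: length (4 bytes), type 1, then the magic.
    if len(payload) >= 13 and payload[4] == 1 and payload[5:13] == b"ActiveMQ":
        return "plaintext-openwire"
    return "unknown"


def flows_without_tls(flows):
    """Return labels of flows whose first payload is not a TLS handshake."""
    return sorted(label for label, first in flows.items()
                  if classify_first_bytes(first) != "tls:handshake")


# Constructed payloads: start of a TLS ClientHello and of an OpenWire frame.
TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
OPENWIRE_INFO = struct.pack("!I", 0xF0) + b"\x01ActiveMQ" + struct.pack("!I", 12)

# The first flow uses the client endpoint from the thread; the second is hypothetical.
SAMPLE_FLOWS = {
    "127.0.0.1:49881 -> 127.0.0.1:61617": TLS_CLIENT_HELLO,
    "127.0.0.1:50002 -> 127.0.0.1:61616": OPENWIRE_INFO,
}

if __name__ == "__main__":
    for label, first in SAMPLE_FLOWS.items():
        print(label, classify_first_bytes(first))
    print("not TLS:", flows_without_tls(SAMPLE_FLOWS))
```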