Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/08/12 15:49:00 UTC

[jira] [Commented] (ARTEMIS-3100) I failed to configure SSL in combination with HA Failover

    [ https://issues.apache.org/jira/browse/ARTEMIS-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17398138#comment-17398138 ] 

Justin Bertram commented on ARTEMIS-3100:
-----------------------------------------

Please use the [ActiveMQ users mailing list|http://activemq.apache.org/contact] for questions like this. Also, you can ask for a Slack invite there as well (as noted on the website).

> I failed to configure SSL in combination with HA Failover
> ---------------------------------------------------------
>
>                 Key: ARTEMIS-3100
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3100
>             Project: ActiveMQ Artemis
>          Issue Type: Wish
>    Affects Versions: 2.16.0
>            Reporter: Dominik Figl
>            Priority: Trivial
>
> I failed to configure Artemis with one-way SSL in combination with HA Failover.
> Can anybody point out a working example to me? (I'm pretty new to that topic :) )
> I also failed to get access to the Slack channel :\
> My Goal: 
> Two Artemis instances on CentOS servers (one live and one backup server) with server-side certificate to enable the clients to encrypt the traffic. No client-side certs are needed.
> My current configuration:
> LIVE:
> {code:xml}
>  <acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
> <connectors>
>    <connector name="artemis">tcp://serverA:61619</connector>  
>    <!-- connector to the server1 -->        
>    <connector name="artemis-slave-connector">tcp://serverB:61619</connector>
> </connectors>
> <ha-policy>
>    <replication>
>       <master/>
>    </replication>
> </ha-policy>
> <cluster-connections>
>    <cluster-connection name="my-cluster">
>       <connector-ref>artemis</connector-ref>
>       <message-load-balancing>ON_DEMAND</message-load-balancing>
>       <max-hops>0</max-hops>
>       <static-connectors>
>          <connector-ref>artemis-slave-connector</connector-ref>
>       </static-connectors>
>    </cluster-connection>
> </cluster-connections>
> {code}
> BACKUP:
> {code:xml}
> <acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>     
> <connectors>
>    <connector name="artemis">tcp://serverB:61619</connector>
>    <connector name="artemis-master-connector">tcp://serverA:61619</connector>
> </connectors>
> <ha-policy>
>    <replication>
>       <slave/>
>    </replication>
> </ha-policy>
>  <cluster-connections>
>    <cluster-connection name="my-cluster">
>       <connector-ref>artemis</connector-ref>
>       <message-load-balancing>ON_DEMAND</message-load-balancing>
>       <max-hops>0</max-hops>
>       <static-connectors>
>          <connector-ref>artemis-master-connector</connector-ref>
>       </static-connectors>
>    </cluster-connection>
> </cluster-connections>
> {code}
> Certificate generation:
> {noformat}
> keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
> keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
> keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt
> {noformat}



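
Added example (not part of the original message or of the ActiveMQ Artemis project): a small Python audit of the transport URIs in a broker.xml fragment. It flags the TLS settings visible in the quoted configuration (legacy protocol versions, trustAll=true, verifyHost=false) and connectors without sslEnabled=true that point at a port served by a TLS acceptor. The sample input is constructed from the quoted configuration with the tuning parameters omitted, and the check assumes both brokers listen on the same acceptor port, as they do there.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted LIVE configuration (tuning parameters omitted).
SAMPLE = """<core>
  <acceptors>
    <acceptor name="artemis-netty">tcp://0.0.0.0:61619?protocols=CORE;sslEnabled=true;keyStorePath=activemq.example.keystore;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
  </acceptors>
  <connectors>
    <connector name="artemis">tcp://serverA:61619</connector>
    <connector name="artemis-slave-connector">tcp://serverB:61619</connector>
  </connectors>
</core>"""

LEGACY_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1 are deprecated by RFC 8996

def parse_uri(text):
    """Split a transport URI into (port, {param: value}); parameters are ';'-separated."""
    uri, _, query = text.strip().partition("?")
    params = dict(p.split("=", 1) for p in query.split(";") if "=" in p)
    return urlsplit(uri).port, params

def audit(xml_text):
    """Return (element name, finding) tuples; the rules are this example's own assumptions."""
    root = ET.fromstring(xml_text)
    findings, tls_ports = [], set()
    for kind in ("acceptor", "connector"):  # acceptors first, so TLS ports are known
        for el in root.iter(kind):
            port, p = parse_uri(el.text or "")
            name = el.get("name")
            tls = p.get("sslEnabled", "false").lower() == "true"
            if kind == "acceptor" and tls:
                tls_ports.add(port)
            if kind == "connector" and not tls and port in tls_ports:
                findings.append((name, "plaintext connector targets a TLS acceptor port"))
            legacy = LEGACY_TLS & set(p.get("enabledProtocols", "").split(","))
            if legacy:
                findings.append((name, "legacy protocols enabled: " + ",".join(sorted(legacy))))
            if p.get("trustAll", "").lower() == "true":
                findings.append((name, "trustAll=true set"))
            if tls and p.get("verifyHost", "").lower() == "false":
                findings.append((name, "verifyHost=false set"))
    return findings

if __name__ == "__main__":
    for name, msg in audit(SAMPLE):
        print(f"{name}: {msg}")
```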