Posted to issues@activemq.apache.org by "Dominik Figl (Jira)" <ji...@apache.org> on 2021/02/05 09:12:00 UTC

[jira] [Created] (ARTEMIS-3100) I failed to configure SSL in combination with HA Failover

Dominik Figl created ARTEMIS-3100:
-------------------------------------

             Summary: I failed to configure SSL in combination with HA Failover
                 Key: ARTEMIS-3100
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3100
             Project: ActiveMQ Artemis
          Issue Type: Wish
    Affects Versions: 2.16.0
            Reporter: Dominik Figl


I failed to configure Artemis with one-way SSL in combination with HA Failover.

Can anybody point out a working example to me? (I'm pretty new to that topic :) )

I also failed to get access to the Slack channel :\

My Goal: 

2 Artemis instances on CentOS servers (one live and one backup server) with a server-side certificate to enable the clients to encrypt the traffic. No client-side certs are needed.


My current configuration attempt:

LIVE:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>

<connectors>
   <connector name="artemis">tcp://vrz8576t:61619</connector>
   <!-- connector to the server1 -->
   <connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
</connectors>

<ha-policy>
   <replication>
      <master/>
   </replication>
</ha-policy>

<cluster-connections>
   <cluster-connection name="my-cluster">
      <connector-ref>artemis</connector-ref>
      <message-load-balancing>ON_DEMAND</message-load-balancing>
      <max-hops>0</max-hops>
      <static-connectors>
         <connector-ref>artemis-slave-connector</connector-ref>
      </static-connectors>
   </cluster-connection>
</cluster-connections>

BACKUP:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>

<connectors>
   <connector name="artemis">tcp://kai8576t:61619</connector>
   <connector name="artemis-master-connector">tcp://vrz8576t:61619</connector>
</connectors>

<ha-policy>
   <replication>
      <slave/>
   </replication>
</ha-policy>

<cluster-connections>
   <cluster-connection name="my-cluster">
      <connector-ref>artemis</connector-ref>
      <message-load-balancing>ON_DEMAND</message-load-balancing>
      <max-hops>0</max-hops>
      <static-connectors>
         <connector-ref>artemis-master-connector</connector-ref>
      </static-connectors>
   </cluster-connection>
</cluster-connections>


Certificate generation:
keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt

BR
Dominik
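
A static check for what is visible in the configuration posted above: the acceptor on port 61619 sets sslEnabled=true, the connectors pointing at that port carry no TLS parameters, and the acceptor still lists TLSv1 and TLSv1.1. This is an added example, not part of the original message or of the Artemis project; the helpers `parse`, `elems` and `audit` and the reduced sample are constructed here, and the check assumes the peer broker exposes the same acceptor as the local one.

```python
import re
import xml.etree.ElementTree as ET

WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1 are deprecated (RFC 8996)

# Constructed sample: the LIVE acceptor and connectors from the message, with
# the tuning parameters dropped and a <core> root element added for parsing.
LIVE = """<core>
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?protocols=CORE,AMQP;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
  <connector name="artemis">tcp://vrz8576t:61619</connector>
  <connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
</connectors>
</core>"""

def parse(uri):
    """Split an Artemis tcp:// URI into (port, {param: value})."""
    m = re.match(r"tcp://[^:/?]+:(\d+)(?:\?(.*))?$", uri.strip())
    if not m:
        raise ValueError(f"unsupported URI: {uri!r}")
    query = m.group(2) or ""
    return int(m.group(1)), dict(p.split("=", 1) for p in query.split(";") if "=" in p)

def elems(root, tag):
    """Find elements by local name, so a namespaced broker.xml also works."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag]

def audit(xml_text):
    """Return (element name, finding) tuples for TLS problems in the config."""
    root = ET.fromstring(xml_text)
    acceptors = [(e.get("name"), *parse(e.text)) for e in elems(root, "acceptor")]
    connectors = [(e.get("name"), *parse(e.text)) for e in elems(root, "connector")]
    tls_ports = {port for _, port, p in acceptors if p.get("sslEnabled") == "true"}
    findings = []
    for name, _, p in acceptors + connectors:
        weak = WEAK_TLS & set(p.get("enabledProtocols", "").split(","))
        if weak:
            findings.append((name, "weak protocols: " + ",".join(sorted(weak))))
        if p.get("trustAll") == "true":
            findings.append((name, "trustAll=true"))
    for name, port, p in connectors:
        # Assumption: the peer's acceptor on this port mirrors the local one.
        if port in tls_ports and p.get("sslEnabled") != "true":
            findings.append((name, f"plaintext connector to TLS port {port}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(LIVE):
        print(f"{name}: {finding}")
```
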

 


