You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by shameem <sh...@gmail.com> on 2014/06/02 18:19:00 UTC

Configuring SSL with No TrustStore and Using Simple Authentication (Username/Password)

I need help to configure activemq ssl without any truststore instead use
username and password for authentication.

I am getting the exception as no trusStore is provided:
Exception in thread "main" javax.jms.JMSException: Could not create
Transport. Reason: java.lang.NullPointerException
	at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:35)
	at
org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(ActiveMQSslConnectionFactory.java:123)
	at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:267)
	at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:239)
	at
org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:185)


Below is my configuration:

<transportConnector name="ssl"
uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;transport.needClientAuth=true&amp;transport.wantClientAuth=false"/>

<sslContext>
    <sslContext keyStore="/home/shameem/dev/tools/activemq/broker.ks"
keyStorePassword="password" />
</sslContext>

My Spring configuration:

 <bean id="jmsConnectionFactory"
	   class="org.apache.activemq.ActiveMQSslConnectionFactory">
        <property name="brokerURL" value="ssl://localhost:61617" />
        <property name="userName" value="admin"/>
        <property name="password" value="admin"/>
  </bean>





--
View this message in context: http://activemq.2283324.n4.nabble.com/Configuring-SSL-with-No-TrustStore-and-Using-Simple-Authentication-Username-Password-tp4681580.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Configuring SSL with No TrustStore and Using Simple Authentication (Username/Password)

Posted by shameem <sh...@gmail.com>.

I have figure out what's the issue. I was using ActiveMQ 5.5.1 where
ActiveMQSslConnectionFactory needs to be explicitly configured to specify
the trustStore & trustStorePassword, otherwise exception is thrown while
creating the trust manager. 

The workaround would be to create a trustStore and import the server/broker
certificate even though i have set the server parameters 

transport.needClientAuth=false
transport.wantClientAuth=false

The second solution would be to upgrate to 5.7.0 where you dont need to
specify the trustStore & trustStorePassword

activemq.xml
<sslContext>
               <sslContext keyStore="/path/to/broker.ks" 
                        keyStorePassword="password"/>
</sslContext>

Spring bean
<bean id="jmsConnectionFactory"  
class="org.apache.activemq.ActiveMQSslConnectionFactory">
         <property name="brokerURL" value="ssl://localhost:61617" />
        <property name="userName" value="admin"/>
        <property name="password" value="activemq"/>
        <property name="trustStore"
value="file:///path/to/truststore/activemq.ts"/>
        <property name="trustStorePassword" value="activemq"/>
</bean>

Everything is working fine.

Thanks.
Shameem



--
View this message in context: http://activemq.2283324.n4.nabble.com/Configuring-SSL-with-No-TrustStore-and-Using-Simple-Authentication-Username-Password-tp4681580p4681620.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Configuring SSL with No TrustStore and Using Simple Authentication (Username/Password)

Posted by Benjamin Jansen <bj...@w007.org>.

On Jun 2, 2014, at 09:19 , shameem <sh...@gmail.com> wrote:

> I need help to configure activemq ssl without any truststore instead use
> username and password for authentication.
> 
> I am getting the exception as no trusStore is provided:
> Exception in thread "main" javax.jms.JMSException: Could not create
> Transport. Reason: java.lang.NullPointerException
> 	at
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:35)
> 	at
> org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(ActiveMQSslConnectionFactory.java:123)
> 	at
> org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:267)
> 	at
> org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:239)
> 	at
> org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:185)
> 
> 
> Below is my configuration:
> 
> <transportConnector name="ssl"
> uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;transport.needClientAuth=true&amp;transport.wantClientAuth=false"/>

I haven't configured ActiveMQ itself for SSL, but "need client auth" in SSL means that the server will request the client's certificate and verify that it matches the server's trusted certificates. If you want anonymous SSL and application-level username and password, I think you need to set transport.needClientAuth=false.

- Ben