To configure SSL parameters using ActiveMQ:
- Go to /opt/nastel/sbin. Stop the web, CEP, domain and ActiveMQ.
- Go to /opt/nastel/java/current/bin to run the keytool commands.
- Do the following:
- Create a broker certificate using the command line:
./keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
- Export the broker certificate to be shared with the clients:
./keytool -export -alias broker -keystore broker.ks -file broker_cert
- Create a keystore for client:
./keytool -genkey -alias client -keyalg RSA -keystore client.ks
- Create the truststore for client and import broker's certificate:
./keytool -import -alias broker -keystore client.ts -file broker_cert
- Go to /opt/nastel/actmq/current/bin.
- Open the env file using the command:
vi env
- Add the following:
export ACTIVEMQ_SSL_OPTS="-Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/path/to/broker.ts"
- Export the client certificate to the broker:
./keytool -export -alias client -keystore client.ks -file client_cert
- Create a truststore for the broker:
./keytool -import -alias client -keystore broker.ts -file client_cert
- Go to /opt/nastel/actmq/current/conf.
- Open the xml file using the command:
vi activemq.xml
- Add the following under transport connector:
<transportConnector name="ssl" uri="ssl://localhost:61617?maximumConnections=1000&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
- Also, add the following:
<sslContext>
  <sslContext keyStore="/opt/nastel/java/current/bin/broker.ks"
              keyStorePassword="password"
              trustStore="/opt/nastel/java/current/bin/broker.ts"
              trustStorePassword="password"/>
</sslContext>
- After the broker context is closed, add the bean below:
<!-- MySQL DataSource setup -->
<bean id="mysql-ds" class="org.apache.commons.dbcp2.BasicDataSource"
      destroy-method="close">
  <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
  <property name="url"
            value="jdbc:mysql://localhost/activemq?relaxAutoCommit=true"/>
  <property name="username" value="user"/>
  <property name="password" value="pass"/>
  <property name="poolPreparedStatements" value="true"/>
</bean>
- Go to /opt/nastel/actmq/current/conf.
- Open the xml file using the command:
vi jetty.xml
- Enable the following:
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
  <constructor-arg ref="Server" />
  <constructor-arg>
    <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
      <property name="keyStorePath" value="/opt/nastel/java/current/bin/broker.ks" />
      <property name="keyStorePassword" value="password" />
    </bean>
  </constructor-arg>
  <property name="port" value="8162" />
</bean>
- Go to /opt/nastel/sbin and restart the domain, CEP, web and ActiveMQ.
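
A defensive check on the activemq.xml settings above, as an added example that is not part of the original procedure or the product's own tooling: it flags the deprecated TLSv1 and TLSv1.1 entries in transport.enabledProtocols, literal keystore passwords, and an SSL connector that does not require the client certificate this procedure creates. The SAMPLE document is constructed, and treating needClientAuth=true and ${...} property placeholders as the accepted forms is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol names

# Constructed sample mirroring the connector and sslContext shown above.
SAMPLE = """<beans><broker xmlns="http://activemq.apache.org/schema/core">
  <sslContext>
    <sslContext keyStore="/opt/nastel/java/current/bin/broker.ks" keyStorePassword="password"
                trustStore="/opt/nastel/java/current/bin/broker.ts" trustStorePassword="password"/>
  </sslContext>
  <transportConnectors>
    <transportConnector name="ssl" uri="ssl://localhost:61617?maximumConnections=1000&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
  </transportConnectors>
</broker></beans>"""

def audit(xml_text):
    """Return (element, finding) tuples for one activemq.xml document."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]  # drop the XML namespace, if any
        if tag == "transportConnector":
            uri = urlsplit(el.get("uri", ""))
            name = el.get("name", "?")
            if "ssl" not in uri.scheme:  # only TLS connectors are checked here
                continue
            opts = parse_qs(uri.query)
            protos = opts.get("transport.enabledProtocols", [""])[0].split(",")
            enabled = {p.strip() for p in protos if p.strip()}
            for p in sorted(enabled & WEAK):
                findings.append((name, f"deprecated protocol enabled: {p}"))
            if not enabled:
                findings.append((name, "enabledProtocols unset, JVM defaults apply"))
            # Assumption: client-certificate checking is requested with needClientAuth=true.
            wants = opts.get("needClientAuth", opts.get("transport.needClientAuth", ["false"]))
            if wants[0].lower() != "true":
                findings.append((name, "client certificate not required"))
        elif tag == "sslContext":
            for attr in ("keyStorePassword", "trustStorePassword"):
                value = el.get(attr)
                # Assumption: ${...} means the value is resolved from a properties file.
                if value and not value.startswith("${"):
                    findings.append((tag, f"literal {attr} in file"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

Run it against the edited activemq.xml before restarting the broker; an empty result means none of the three conditions was found.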