I'm trying to send messages via JMS (ActiveMQ), but I want it to use the SSL protocol. It actually works over TCP for now.
I use JNDI, with a virtual topic and 2 queues. Could somebody help me? I tried this but I get stuck, the server won't start:
http://activemq.apache.org/how-do-i-use-ssl.html
Thanks.
Edit: The log says: "The reference to entity "needClientAuth" must end with the ';' delimiter."
I will answer my own question:
First of all, inside ..../apache-activemq-5.11.1/conf/activemq.xml:
<transportConnectors>
  <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&amp;needClientAuth=true"/>
</transportConnectors>
Don't forget the & amp; (without the space); that's what was blocking on the server side. It isn't written on the ActiveMQ page. Also, don't forget to open your port, here 61617.
Still inside activemq.xml:
<sslContext>
  <sslContext keyStore="file:${activemq.base}/conf/amq-server.ks"
              keyStorePassword="PASSWORD"
              trustStore="file:${activemq.base}/conf/amq-server.ts"
              trustStorePassword="PASSWORD" />
</sslContext>
Restart JMS; this time it should be OK. Now that your server side is OK, let's go for the client.
I have done this in ActiveMQ's ..../apache-activemq-5.11.1/conf (follow what is asked: names, passwords, etc.):
## Create a keystore for the broker SERVER
$ keytool -genkey -alias amq-server -keyalg RSA -keysize 2048 -validity 90 -keystore amq-server.ks
## Export the broker SERVER certificate from the keystore
$ keytool -export -alias amq-server -keystore amq-server.ks -file amq-server_cert
## Create the CLIENT keystore
$ keytool -genkey -alias amq-client -keyalg RSA -keysize 2048 -validity 90 -keystore amq-client.ks
## Import the previous exported broker's certificate into a CLIENT truststore
$ keytool -import -alias amq-server -keystore amq-client.ts -file amq-server_cert
## If you want to make trusted also the client, you must export the client's certificate from the keystore
$ keytool -export -alias amq-client -keystore amq-client.ks -file amq-client_cert
## Import the client's exported certificate into a broker SERVER truststore
$ keytool -import -alias amq-client -keystore amq-server.ts -file amq-client_cert
Then, with the help of https://winscp.net/eng/index.php, I downloaded my "amq-client.ts" and "amq-client.ks" from my server to my PC (I develop on Windows and the server is on Linux).
I used these two files as source in Eclipse (I won't explain how to).
Finally, in Eclipse I had to change only one thing: I had to replace QueueConnectionFactory with ActiveMQSslConnectionFactory.
So I erased:
QueueConnectionFactory connFactory = (QueueConnectionFactory) ctx
        .lookup("jms/ConnectionFactory");
And in place of that did:
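// Requires: import org.apache.activemq.ActiveMQSslConnectionFactory;
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
try {
    // Truststore holding the broker's certificate (amq-client.ts)
    connectionFactory.setTrustStore(CLIENT_TS_FILE);
    connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made");
    // Keystore holding the client's key pair (amq-client.ks); the broker
    // asks for it because the connector sets needClientAuth=true
    connectionFactory.setKeyStore(CLIENT_KS_FILE);
    connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made");
} catch (Exception e) {
    throw new MotorException(
            "JMS Connection Failed (Trust store or key store weren't found) : ",
            e);
}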
Very little was on the internet, at least for ActiveMQ and SSL; it might help someone.
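
The startup error quoted in the question comes from a bare & inside the uri attribute of the transportConnector. As an added example (not part of the original post and not ActiveMQ code), here is a small Python check that can be run on a connector fragment before restarting the broker; the names check_connectors, local_name and the sample strings are made up for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the connector as it fails, with a bare '&' in the attribute.
BROKEN = """<transportConnectors>
  <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&needClientAuth=true"/>
</transportConnectors>"""

# Same fragment with the separator written as the XML entity '&amp;'.
FIXED = BROKEN.replace("&needClientAuth", "&amp;needClientAuth")

# An '&' that does not start a predefined or numeric XML entity.
BARE_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9A-Fa-f]+);)")


def local_name(tag):
    """Strip an XML namespace, since a full activemq.xml declares one."""
    return tag.rsplit("}", 1)[-1]


def check_connectors(xml_text):
    """Return a list of findings for the transportConnector elements."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, _col = exc.position
        lines = xml_text.splitlines()
        bad = lines[line - 1] if 0 < line <= len(lines) else ""
        hint = ": write '&' as '&amp;'" if BARE_AMP.search(bad) else ""
        return [f"not well-formed XML at line {line}{hint}"]
    findings = []
    for el in root.iter():
        if local_name(el.tag) != "transportConnector":
            continue
        name = el.get("name", "?")
        uri = urlsplit(el.get("uri", ""))
        # The XML parser has already turned '&amp;' back into '&' here.
        params = parse_qs(uri.query)
        if "ssl" not in uri.scheme.split("+"):
            findings.append(f"{name}: transport '{uri.scheme}' is not TLS")
        elif params.get("needClientAuth") != ["true"]:
            findings.append(f"{name}: needClientAuth is not true, "
                            "client certificates are not required")
    return findings


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_connectors(text) or "ok")
```
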