5 Replies Latest reply on Apr 22, 2003 10:14 AM by nphelps

    JMS over SSL

    ioparra

      I'm looking for a way to secure my JMS Messages with SSL. Has anyone found a way to do that? Can JBossMQ do it or do I need to use another JMS Server?


      I've looked up and down these boards for a previous thread. No luck.

        • 1. Re: JMS over SSL, or OIL2
          ioparra

          There is an OIL2 server that takes a SecurityDomain. Anyone have any luck with OIL2? I haven't seen it mentioned. Silence can only mean 1 of 2 things: it's perfect, or it's not to be used?

          • 2. Re: JMS over SSL
            ioparra

            Never mind. After much effort, and assistance, I found a solution.

            • 3. Re: JMS over SSL

              I think all the ILs take socket factories in
              their MBean configurations.

              You will find it more efficient
              to secure the message body rather
              than the transport layer.

              This has the added advantage that the
              person operating the server cannot read the
              messages.

              Regards,
              Adrian

              • 4. Re: JMS over SSL
                tklaus


                Problem is, message-level encryption does not provide for mutual authentication with certs as SSL does. Here's what I did:

                - Downloaded JSSE
                - Used keytool to create keystores for both the server and the client. Then I exported the certs from these stores and imported them into their peer as a trusted cert (imported the client’s cert into the server’s truststore and vice-versa)
                - Configure jbossmq to use JSSE SSL server and client socket factories instead of the default socket factories. This can be done in jbossmq-service.xml (thanks Ivan!). No change needed for the client side, since it gets the settings from the same file when it gets the QueueConnection from JNDI.
                - Added the JSSE jars to both the client and server.
                - Add JSSE as a provider in the java.security properties file. I did it by modifying java.security directly in the JRE, but JBoss is also doing it for JAAS, so this step may not be necessary.
                - Added system properties to define the location of the respective keystore and truststore for both the client and server.

                Todd Klaus
                todd.klaus@activereasoning.com
                http://www.activereasoning.com
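
Added example (not part of the post above and not JBoss project code): the keystore and truststore steps from reply 4 as a shell script around the JDK's `keytool`, using its current subcommand names. The aliases, file names, distinguished names, password and helper function names are constructed placeholders; `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` are the standard JSSE system properties.

```shell
#!/bin/sh
# Added example: mutual-trust stores for a TLS client and server (keytool).
# Aliases, file names, DNs and the password are constructed placeholders.
set -eu
PASS='example-only-password'   # placeholder; never reuse, never commit

# make_identity <name>: private key + self-signed cert in <name>.keystore,
# then export only the public certificate to <name>.cer.
make_identity() {
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$1.example.test" \
        -keystore "$1.keystore" -storepass "$PASS" -keypass "$PASS"
    keytool -exportcert -alias "$1" -file "$1.cer" \
        -keystore "$1.keystore" -storepass "$PASS"
}

# trust_peer <owner> <peer>: import <peer>.cer into <owner>.truststore.
trust_peer() {
    keytool -importcert -noprompt -alias "$2" -file "$2.cer" \
        -keystore "$1.truststore" -storepass "$PASS"
}

# truststore_has <owner> <alias>: succeeds if the alias is in the truststore.
truststore_has() {
    keytool -list -alias "$2" -keystore "$1.truststore" \
        -storepass "$PASS" >/dev/null 2>&1
}

# jvm_flags <name>: the system properties that point a JVM at its stores.
# Store passwords are omitted: -D values are visible in process listings.
jvm_flags() {
    printf '%s %s\n' "-Djavax.net.ssl.keyStore=$1.keystore" \
        "-Djavax.net.ssl.trustStore=$1.truststore"
}

build_mutual_trust() {
    make_identity server
    make_identity client
    trust_peer server client   # server accepts the client's certificate
    trust_peer client server   # client accepts the server's certificate
}

# Run as: sh mutual-trust.sh build
if [ "${1:-}" = build ]; then
    build_mutual_trust
    jvm_flags server
    jvm_flags client
fi
```

Only the `.cer` files cross between the two sides; each `.keystore` holds a private key and stays on the machine that generated it.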

                • 5. Re: JMS over SSL
                  nphelps

                  You can do JMS over HTTPS if you want...
                  1.) Download JBoss 3.2 which ships with the HTTP IL.
                  2.) Specify a HTTPS URL on the HTTP IL Service MBean
                  3.) Make sure you've got the SSL code in your classpath on the client.