-
1. Re: JMS over SSL, or OIL2
ioparra Apr 21, 2003 12:54 PM (in response to ioparra)
There is an OIL2 server that takes a SecurityDomain. Anyone have any luck with OIL2? I haven't seen it mentioned. Silence can only mean 1 of 2 things: it's perfect, or it's not to be used?
-
2. Re: JMS over SSL
ioparra Apr 21, 2003 8:11 PM (in response to ioparra)
Never mind. After much effort, and assistance, I found a solution.
-
3. Re: JMS over SSL
adrian.brock Apr 21, 2003 9:16 PM (in response to ioparra)
I think all the ILs take socket factories in their MBean configurations.
You will find it more efficient to secure the message body rather than the transport layer.
This has the added advantage that the person operating the server cannot read the messages.
Regards,
Adrian
-
4. Re: JMS over SSL
tklaus Apr 21, 2003 9:45 PM (in response to ioparra)
Problem is, message-level encryption does not provide for mutual authentication with certs as SSL does. Here's what I did:
- Downloaded JSSE
- Used keytool to create keystores for both the server and the client. Then I exported the certs from these stores and imported them into their peer as a trusted cert (imported the client's cert into the server's truststore and vice-versa)
- Configure jbossmq to use JSSE SSL server and client socket factories instead of the default socket factories. This can be done in jbossmq-service.xml (thanks Ivan!). No change needed for the client side, since it gets the settings from the same file when it gets the QueueConnection from JNDI.
- Added the JSSE jars to both the client and server.
- Add JSSE as a provider in the java.security properties file. I did it by modifying java.security directly in the JRE, but JBoss is also doing it for JAAS, so this step may not be necessary.
- Added system properties to define the location of the respective keystore and truststore for both the client and server.
Todd Klaus
todd.klaus@activereasoning.com
http://www.activereasoning.com
-
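Added example, not part of the original post or of JBoss: the keytool step and the system-properties step from the list above, as a shell script using a current JDK's keytool. The file names, aliases, distinguished names and password are constructed placeholders; `javax.net.ssl.*` are the standard JSSE property names, which the post does not spell out.

```shell
#!/bin/sh
# Added example: keystores and truststores for mutual SSL authentication.
# Names, DNs and the password below are constructed placeholders.
PASS=changeit-example

# make_identity DIR NAME: create NAME's private key and self-signed cert in
# NAME.keystore, then export only the public certificate to NAME.cer.
make_identity() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2, O=Example" \
        -keystore "$1/$2.keystore" -storepass "$PASS" -keypass "$PASS" &&
    keytool -exportcert -alias "$2" -file "$1/$2.cer" \
        -keystore "$1/$2.keystore" -storepass "$PASS"
}

# trust_peer DIR NAME PEER: import PEER's certificate into NAME.truststore
# as a trusted cert. The peer's private key never leaves its own keystore.
trust_peer() {
    keytool -importcert -noprompt -alias "$3" -file "$1/$3.cer" \
        -keystore "$1/$2.truststore" -storepass "$PASS"
}

# build_mutual_trust DIR: server trusts client and client trusts server.
build_mutual_trust() {
    make_identity "$1" server && make_identity "$1" client &&
    trust_peer "$1" server client && trust_peer "$1" client server
}

# jvm_flags DIR NAME: print the JSSE system properties for one side.
jvm_flags() {
    printf '%s ' \
        "-Djavax.net.ssl.keyStore=$1/$2.keystore" \
        "-Djavax.net.ssl.keyStorePassword=$PASS" \
        "-Djavax.net.ssl.trustStore=$1/$2.truststore" \
        "-Djavax.net.ssl.trustStorePassword=$PASS"
}

# Usage: sh this-script.sh /path/to/dir
if [ -n "${1:-}" ]; then
    build_mutual_trust "$1" && jvm_flags "$1" server && echo
fi
```

Each truststore ends up holding only the peer's public certificate, so compromising one side's truststore does not expose the other side's key.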
5. Re: JMS over SSL
nphelps Apr 22, 2003 10:14 AM (in response to ioparra)
You can do JMS over HTTPS if you want...
1.) Download JBoss 3.2 which ships with the HTTP IL.
2.) Specify an HTTPS URL on the HTTP IL Service MBean
3.) Make sure you've got the SSL code in your classpath on the client.