We are uncertain as to how to configure the key-store-path on an ssl-enabled connector because the key-store-path is path to the keystore on the client.

In http://community.jboss.org/message/258516 the solution for JBoss Messaging was to use the JBossConnectionFactory (which as I understand it maps over to the HornetQJMSClient with HornetQ).

However our client application also requires connection failover and is currently configured to connect via a JNDI bound connection-factory that references a discovery group through a discovery-group-ref. This fails because of the key-store-path issue (although we can work around this by using the correct relative path for the keystore on our client - but this puts unnecessary constraints on the client deployment).

Is it possible instead to use HornetQJMSClient (rather than JNDI) to connect to a configured discovery group yet still specify the location of the key-store-path on the client? Or even to fallback to using the javax.net.ssl.keyStore system property on the client?