-
1. Re: Websocket-secure support, best practices?
jbertram Aug 15, 2012 11:28 AM (in response to sikanrong)I'm not entirely sure that our STOMP websocket implementation supports security like this, but then again I'm not terribly familiar with this section of the code-base.
Can you post the <acceptor> you've configured to handle this?
Also, I'm not sure it is OK to use the keystore as the truststore. It may be fine, but that's certainly not how clients would do it in the real world since the keystore will have your private key in it along with the public key that the clients need in their truststore.
-
2. Re: Websocket-secure support, best practices?
sikanrong Aug 15, 2012 12:01 PM (in response to jbertram)Hey Justin, thanks for speedy repsonse;
This is my acceptor config block, but again I just don't know if this was the right thing to do or not.. Basically I just took the SSL-related parts from the "ssl-enabled" hornetq example and tried to use them with me stomp_ws acceptor...
<acceptor name="stomp-ws-acceptor">
<factory-class>org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
<param key="protocol" value="stomp_ws" />
<param key="port" value="61614" />
<param key="host" value="localhost" />
<param key="ssl-enabled" value="true"/>
<param key="key-store-path" value="/etc/hornetq/keystore"/>
<param key="key-store-password" value="pass"/>
<param key="trust-store-path" value="/etc/hornetq/truststore"/>
<param key="trust-store-password" value="pass"/>
</acceptor>
...this didn't seem to work.
Secondarily, how was I supposed to create an empty truststore? It won't take just an empty file so I guess I have to use keytool for this too?