For messaging via JNDI the ConnectionFactory has to be defined in a connector on the server. For SSL the Keystore Path has also be defined in this connector. This means that every client that want's to use this ConnectionFactory has to have the KeyStore in this exact path or you have to define an connector for each client. Example:

<connectors>
    <connector name="netty-ssl">
    <factory-class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
        <param key="host" value="messaging.yellow.yellowcorp.test" />
        <param key="port" value="5500" />
        <param key="ssl-enabled" value="true" />
        <param key="key-store-path" value="conf/keys/yellowTrust.jks" />
        <param key="key-store-password" value="Password" />
    </connector>
</connectors>

It would be nice, if the KeyStorepath could be configured on the client. An easy way to do this is to use the standard Java TrustStore for this (javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword and javax.net.ssl.trustStoreType)

Also it's very unintuitive to define the TrustStore for the client on the server.

What do you think? Should I open a feature request?