Hello Brian,
Thanks for your post.
I think that, apart from just configuring http-connector and http-acceptor, RemoteConnectionFactory needs to be configured to use SSL (for complete communication over SSL).
<jms-connection-factories>
  <connection-factory name="InVmConnectionFactory">
    <connectors>
      <connector-ref connector-name="in-vm"/>
    </connectors>
    <entries>
      <entry name="java:/ConnectionFactory"/>
    </entries>
  </connection-factory>
  <connection-factory name="RemoteConnectionFactory">
    <connectors>
      <connector-ref connector-name="http-connector"/>
    </connectors>
    <entries>
      <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
    </entries>
  </connection-factory>
  <connection-factory name="SecureRemoteConnectionFactory">
    <connectors>
      <connector-ref connector-name="https-connector"/>
    </connectors>
    <entries>
      <entry name="java:jboss/exported/jms/SecureRemoteConnectionFactory"/>
    </entries>
  </connection-factory>
  <pooled-connection-factory name="hornetq-ra">
    <transaction mode="xa"/>
    <connectors>
      <connector-ref connector-name="in-vm"/>
    </connectors>
    <entries>
      <entry name="java:/JmsXA"/>
      <entry name="java:jboss/DefaultJMSConnectionFactory"/>
    </entries>
  </pooled-connection-factory>
</jms-connection-factories>
If we have to use SecureRemoteConnectionFactory, we need to provide some extra parameters to http-acceptor.
<acceptors>
  <http-acceptor http-listener="https" name="https-acceptor">
    <param key="ssl-enabled" value="true"/>
    <param key="key-store-path" value="d:/MY_SAMPLE_KEYSTORE.keystore"/>
    <param key="key-store-password" value="MyPassword!@#"/>
  </http-acceptor>
  <http-acceptor http-listener="https" name="https-acceptor-throughput">
    <param key="batch-delay" value="50"/>
    <param key="direct-deliver" value="false"/>
    <param key="ssl-enabled" value="true"/>
  </http-acceptor>
  <in-vm-acceptor name="in-vm" server-id="0"/>
</acceptors>
Without these extra parameters, org.hornetq.core.remoting.impl.ssl.SSLSupport#loadKeystore will fail to load the keystore.
The strange part is that key-store-path only accepts the absolute path of the key store and not the relative path. Also, there is no parameter where we can specify the already configured security-realm.
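A small audit for the keystore behaviour described in the post above (SSL-enabled acceptors need key-store-path and key-store-password, and the path has to be absolute), added here as an example and not part of the original post. It assumes the `<acceptors>` element has been extracted from the server configuration without XML namespaces; the function name `audit_acceptors`, the `relative-path` acceptor and all sample values are constructed for illustration.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample modelled on the acceptors in the post; values are placeholders.
SAMPLE = """
<acceptors>
  <http-acceptor http-listener="https" name="https-acceptor">
    <param key="ssl-enabled" value="true"/>
    <param key="key-store-path" value="d:/MY_SAMPLE_KEYSTORE.keystore"/>
    <param key="key-store-password" value="placeholder"/>
  </http-acceptor>
  <http-acceptor http-listener="https" name="https-acceptor-throughput">
    <param key="ssl-enabled" value="true"/>
  </http-acceptor>
  <http-acceptor http-listener="https" name="relative-path">
    <param key="ssl-enabled" value="true"/>
    <param key="key-store-path" value="conf/server.keystore"/>
    <param key="key-store-password" value="placeholder"/>
  </http-acceptor>
  <in-vm-acceptor name="in-vm" server-id="0"/>
</acceptors>
"""

def audit_acceptors(xml_text):
    """Return {acceptor name: [findings]} for every SSL-enabled acceptor."""
    findings = {}
    for acceptor in ET.fromstring(xml_text):
        params = {p.get("key"): p.get("value") for p in acceptor.findall("param")}
        if params.get("ssl-enabled", "false").lower() != "true":
            continue  # in-vm and plain HTTP acceptors carry no keystore settings
        issues = []
        path = params.get("key-store-path")
        if not path:
            issues.append("missing key-store-path")
        # Accept both Windows (d:/...) and POSIX (/opt/...) absolute forms.
        elif not (ntpath.isabs(path) or posixpath.isabs(path)):
            issues.append("key-store-path is not absolute")
        if "key-store-password" not in params:
            issues.append("missing key-store-password")
        else:
            issues.append("key-store-password stored inline in cleartext")
        findings[acceptor.get("name")] = issues
    return findings

if __name__ == "__main__":
    print(audit_acceptors(SAMPLE))
```
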