-
1. Re: WildFly 10 and ActiveMQ HTTPS Connectors
mnovak Jul 28, 2017 1:38 AM (in response to walkerca)1 of 1 people found this helpfulHi Carl,
I have config for WF11 but it should in WF10.1 as well (you can just have lower schema versions of subsystem but config looks the same). Here is XML snippet:
<management> <security-realms> ... <security-realm name="https"> <server-identities> <ssl> <keystore path="<path_to_server_key_store>/server.keystore" keystore-password="123456"/> </ssl> </server-identities> </security-realm> </security-realms> ... </management> <subsystem xmlns="urn:jboss:domain:undertow:4.0"> <buffer-cache name="default"/> <server name="default-server"> ... <https-listener name="undertow-https" socket-binding="https" security-realm="https" verify-client="NOT_REQUESTED"/> ... </server> </subsystem> <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.1"> <server name="default"> ... <http-connector name="https-connector" socket-binding="https" endpoint="https-acceptor"> <param name="ssl-enabled" value="true"/> </http-connector> <http-acceptor name="https-acceptor" http-listener="undertow-https"/> ... </server> </subsystem>
This is for one way authentication where identity of server is verified but you can simply adjust config so client and server authenticates to each other. If you have standalone JMS client then you need to provide client truststore. This is configured using system properties for example like:
System.setProperty("javax.net.ssl.trustStore", "<path-to-trustore>/client.truststore"); // for server authentication System.setProperty("javax.net.ssl.trustStorePassword", "123456);
If you need two-way authentication then client needs also keystore configured using "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" system properties and you need change attribute "verify-client" in configuration of https-listener (and of course provide server trustore to "https" security realm.
Cheers,
Mirek
-
2. Re: WildFly 10 and ActiveMQ HTTPS Connectors
walkerca Jul 28, 2017 9:15 AM (in response to mnovak)Thanks. Testing this out now.
-
3. Re: WildFly 10 and ActiveMQ HTTPS Connectors
walkerca Jul 28, 2017 10:10 AM (in response to walkerca)This is working for me. Thanks for your help.
-
4. Re: WildFly 10 and ActiveMQ HTTPS Connectors
mnovak Jul 31, 2017 2:43 AM (in response to walkerca)Cool, great! :-)