1 Reply Latest reply on Dec 15, 2008 9:48 AM by Dejan Bosanac

    SSL communication with trusted certificate from webstart applications.

    Stian Hegglund Newbie

      Hi, we're considering using the FUSE Message Broker with SSL-encrypted traffic.

      Our client applications are Java 5 Web Start applications that currently communicate with our broker over TCP/IP.


      Our goal is simple distribution of client applications to the end users, and to avoid a "man in the middle" attack by not issuing/generating our own certificate.


      The WebStart-applications are distributed from - and the JMS-servers are running on - a selection of sub-domains (xxx.xyz.com, yyy.xyz.com, etc).


      We do not want the users to install certificates in their own keystore, we expect this to be solved by using certificates from a trusted issuer like VeriSign.


      We do not need to verify client certificates.


      (We have successfully tested SSL encryption with a self-generated certificate following the guide from http://activemq.apache.org/how-do-i-use-ssl.html.)


      1. What kind of certificate(s) do we need for this (the code signing of the Web Start apps and the SSL-encryption)? Do we need more than one?


      2. Will using keytool import of the certificate into the broker keystore be sufficient (without installing it into the client's trust store?)


      Kind regards,