1 Reply Latest reply on Dec 15, 2008 9:48 AM by Dejan Bosanac

    SSL communication with trusted certificate from webstart applications.

    Stian Hegglund Newbie

      Hi, we're considering using the FUSE Message Broker with SSL-encrypted traffic.

      Our client applications are Java 5 Web Start applications, that currently communicate with our broker over tcp/ip.

       

      Our goal is simple distribution of client applications to the end users, and avoid "man in the middle attack" by not issuing/generating our own certificate.

       

      The WebStart-applications are distributed from - and the JMS-servers are running on - a selection of sub-domains (xxx.xyz.com, yyy.xyz.com, etc).

       

      We do not want the users to install certificates in their own keystore, we expect this to be solved by using certificates from a trusted issuer like VeriSign.

       

      We do not need to verify client certificates.

       

      (We have successfully tested ssl encryption with self generated certificate following the guide from http://activemq.apache.org/how-do-i-use-ssl.html.)

       

      1. What kind of certificate(s) do we need for this (the code signing of the Web Start apps and the SSL-encryption)? ? Do we need more than one?

       

      2. Will using keytool import of the certificate into the broker keystore be sufficient (without installing it into the client?s trust store?)

       

      Kind regards,

      Stian