4 Replies Latest reply on Jul 31, 2017 2:43 AM by Miroslav Novak

    WildFly 10 and ActiveMQ HTTPS Connectors

    Carl Walker Newbie

      Hi,

       

      Does anyone have a reference or snippet of an ActiveMQ / HTTPS configuration?  I have it working with http, but this relies on a lot of defaults.  I'm not clear on what needs to be tweaked.

       

      My starting configuration is off-the-shelf

       

      <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>

                      <http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">

                          <param name="batch-delay" value="50"/>

                      </http-connector>

                      <in-vm-connector name="in-vm" server-id="0"/>

                      <http-acceptor name="http-acceptor" http-listener="default"/>

                      <http-acceptor name="http-acceptor-throughput" http-listener="default">

                          <param name="batch-delay" value="50"/>

                          <param name="direct-deliver" value="false"/>

                      </http-acceptor>

       

      Thank you,

      Carl

        • 1. Re: WildFly 10 and ActiveMQ HTTPS Connectors
          Miroslav Novak Master

          Hi Carl,

           

          I have config for WF11 but it should in WF10.1 as well (you can just have lower schema versions of subsystem but config looks the same). Here is XML snippet:

          <management>
          <security-realms>
                  ...
              <security-realm name="https">
              <server-identities>
                  <ssl>
                  <keystore path="<path_to_server_key_store>/server.keystore" keystore-password="123456"/>
                  </ssl>
              </server-identities>
              </security-realm>
          </security-realms>
          ...
          </management>
          
          
          <subsystem xmlns="urn:jboss:domain:undertow:4.0">
              <buffer-cache name="default"/>
              <server name="default-server">
                  ...
                  <https-listener name="undertow-https" socket-binding="https" security-realm="https" verify-client="NOT_REQUESTED"/>
                  ...
              </server>
          </subsystem>
          
          <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.1">
              <server name="default">
              ...
              <http-connector name="https-connector" socket-binding="https" endpoint="https-acceptor">
                  <param name="ssl-enabled" value="true"/>
              </http-connector>
              <http-acceptor name="https-acceptor" http-listener="undertow-https"/>
              ...
              </server>
          </subsystem>
          

           

          This is for one way authentication where identity of server is verified but you can simply adjust config so client and server authenticates to each other. If you have standalone JMS client then you need to provide client truststore. This is configured using system properties for example like:

           

          System.setProperty("javax.net.ssl.trustStore", "<path-to-trustore>/client.truststore"); // for server authentication
          System.setProperty("javax.net.ssl.trustStorePassword", "123456);
          

           

          If you need two-way authentication then client needs also keystore configured using "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" system properties and you need change attribute "verify-client" in configuration of https-listener (and of course provide server trustore to "https" security realm.

           

          Cheers,

          Mirek

          1 of 1 people found this helpful
          • 2. Re: WildFly 10 and ActiveMQ HTTPS Connectors
            Carl Walker Newbie

            Thanks.   Testing this out now.

            • 3. Re: WildFly 10 and ActiveMQ HTTPS Connectors
              Carl Walker Newbie

              This is working for me.  Thanks for your help.