5 Replies Latest reply on Apr 22, 2003 10:14 AM by Nathan W. Phelps

    JMS over SSL

    Ivan O. Parra Novice

      I'm looking for a way to secure my JMS Messages with SSL. Has anyone find a way to do that? Can JBossMQ do it or do I need to use another JMS Server?


      I've looked up and down these boards for a previous thread. No luck.

        • 1. Re: JMS over SSL, or OIL2
          Ivan O. Parra Novice

          There is an OIL2 server that takes a SecurityDomain. Anyone have any luck with OIL2. I haven't seen it mentioned. Silence can only mean 1 of 2 things: its perfect, or its not-to-be used?

          • 2. Re: JMS over SSL
            Ivan O. Parra Novice

            Never mind. After much effort, and assistance, I find a solution.

            • 3. Re: JMS over SSL
              Adrian Brock Master

              I think all the ILs take socket factories in
              there MBean configurations.

              You will find it more efficient
              to secure the message body rather
              the transport layer.

              This has the added advantage that the
              person operating the server cannot read the
              messages.

              Regards,
              Adrian

              • 4. Re: JMS over SSL
                Todd Klaus Newbie


                Problem is, message-level encryption does not provide for mutual authentication with certs as SSL does. Here's what I did:

                - Downloaded JSSE
                - Used keytool to create a keystores for both the server and the client. Then I exported the certs from these stores and imported them into their peer as a trusted cert (imported the client’s cert into the server’s truststore and vice-versa)
                - Configure jbossmq to use JSSE SSL server and client socket factories instead of the default socket factories. This can be done in jbossmq-service.xml (thanks Ivan!). No change needed for the client side, since it gets it the settings from the same file when it gets the QueueConnection from JNDI.
                - Added the JSSE jars to both the client and server.
                - Add JSSE as a provider in the java.security properties file. I did it by modifying java.security directly in the JRE, but JBoss is also doing it for JAAS, so this step may not be necessary.
                - Added system properties to define the location of the respective keystore and truststore for both the client and server.

                Todd Klaus
                todd.klaus@activereasoning.com
                http://www.activereasoning.com

                • 5. Re: JMS over SSL
                  Nathan W. Phelps Novice

                  You can do JMS over HTTPS if you want...
                  1.) Download JBoss 3.2 which ships with the HTTP IL. 2.) Specify a HTTPS URL on the HTTP IL Service MBean
                  3.) Make sure you've got the SSL code in your classpath on the client.