2 Replies Latest reply on Feb 16, 2005 4:02 PM by alt_amit

    jms over https

    alt_amit

      Currently I can do JMS over http, by looking up HTTPConnectionFactory and the URL = http://ip:8080/invoker/JNDIFactory. If I wanted to do JMS over https, what are the additional steps needed?

      Thanks in advance.

        • 1. Re: jms over https

          CAPITAL LETTERS == shouting

          1) DO NOT CROSS POST

          2) DO NOT POST USER QUESTIONS IN DEVELOPER FORUMS

          • 2. Re: jms over https
            alt_amit

            Summing up how I did JMS over https (sorry Adrian, overlooked multiple forum-related dropdowns):

            deploy/jms/jbossmq-httpil.sar/META-INF should have:
             <attribute name="URLPrefix">https://</attribute>
             <attribute name="URLPort">8443</attribute>
            
            deploy/jbossweb-tomcat50.sar/server.xml should have:
             <Connector port="8443" address="${jboss.bind.address}"
             maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
             scheme="https" secure="true" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/certpath.keystore"
             keystorePass="whateversyours" sslProtocol="TLS" />

            certpath.keystore has your self-signed digital signature.

            the certificate should be stored back to the cacerts repository on the server (in jre/lib..) so server authentication doesn't throw an exception

            use host ip not name if that's how the HTTPServerILService is configured.

            use correct keystoretype

            disable client auth, if not doing so (server auth should be enough)

            Add the following in client code:

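            import javax.net.ssl.HostnameVerifier;
            import javax.net.ssl.HttpsURLConnection;
            import javax.net.ssl.SSLSession;

            // Logs the mismatch and accepts every host name (hostname verification is off).
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String urlHostName, SSLSession session) {
                    System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                    return true;
                }
            };

            // Applies to every HttpsURLConnection created in this JVM.
            HttpsURLConnection.setDefaultHostnameVerifier(hv);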
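
The verifier in the post above returns true for any host. As an added example (not part of the original post and not JBoss code), here is a narrower verifier that tolerates the name mismatch only for the one configured server and only when it presents the expected self-signed certificate. The class name `PinnedHostVerifier`, the `install` helper and the host and fingerprint arguments are assumptions; the fingerprint is the SHA-256 of the server certificate in DER form, supplied by the caller.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Added example: accepts a name mismatch only for one host presenting one pinned certificate. */
public final class PinnedHostVerifier implements HostnameVerifier {
    private final String expectedHost;    // assumption: the IP or name used in the HTTPIL URL
    private final byte[] expectedSha256;  // assumption: SHA-256 of the server's DER-encoded certificate
    private final HostnameVerifier fallback;

    public PinnedHostVerifier(String expectedHost, byte[] expectedSha256, HostnameVerifier fallback) {
        this.expectedHost = expectedHost;
        this.expectedSha256 = expectedSha256.clone();
        this.fallback = fallback;
    }

    @Override
    public boolean verify(String urlHostName, SSLSession session) {
        // Any other host is left to the verifier that was installed before this one.
        if (!expectedHost.equalsIgnoreCase(urlHostName)) {
            return fallback.verify(urlHostName, session);
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            // Constant-time comparison of the leaf certificate against the pin.
            return MessageDigest.isEqual(expectedSha256, actual);
        } catch (SSLPeerUnverifiedException | GeneralSecurityException e) {
            return false; // no peer certificate or digest failure: fail closed
        }
    }

    /** Installs the verifier JVM-wide; sha256Hex is 64 hex characters without separators. */
    public static void install(String host, String sha256Hex) {
        byte[] pin = new byte[sha256Hex.length() / 2];
        for (int i = 0; i < pin.length; i++) {
            pin[i] = (byte) Integer.parseInt(sha256Hex.substring(2 * i, 2 * i + 2), 16);
        }
        HttpsURLConnection.setDefaultHostnameVerifier(
            new PinnedHostVerifier(host, pin, HttpsURLConnection.getDefaultHostnameVerifier()));
    }
}
```

Call `PinnedHostVerifier.install(...)` once in the client before the JNDI lookup, in place of the `setDefaultHostnameVerifier(hv)` call.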