
Trouble with ActiveMQ with SSL using PHP Stomp

I'm having problems connecting a PHP client app to an SSL-enabled ActiveMQ installation. I've looked at many sources and am getting more confused as I go.

My setup so far uses authentication via users/groups.properties and authorizationPlugin. This works fine on regular connections.

For ActiveMQ SSL I followed a few articles and created the JKS store and certs, and also configured it with the following:

<sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/server.ks"
                keyStorePassword="$STORE_PASS"
                trustStore="file:${activemq.base}/conf/server.ts"
                trustStorePassword="$STORE_PASS" />
</sslContext>

<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:61617?needClientAuth=true"/>

I also tried the ACTIVEMQ_SSL_OPTS approach. Both load fine when starting the server. Logs show the SSL connector started. I also checked the PHP CLI to make sure SSL is enabled on the stomp installation.

The problem I'm having is with the PHP stomp client. First, these are the articles I read.

http://activemq.apache.org/how-do-i-use-ssl.html

http://php.net/manual/en/stomp.construct.php

https://github.com/stomp-php/stomp-php/wiki/Connectivity

From my understanding, there are two PHP stomp libs, and based on the documentation I can't figure out how to set all this up. The PHP site docs simply give an example of using the constructor with the ssl protocol:

$link = stomp_connect('ssl://localhost:61612', $user, $pass, $headers);

This doesn't work; I get a null cert error in the logs.

The other article, which uses FuseSource stomp, has options for including a client cert when establishing a connection, but after getting further into the article it looks like it's just to authenticate via SSL cert and not with a user/pass.

https://github.com/rethab/php-stomp-cert-example/blob/master/README.md

So I went back to the previous stomp installation, thinking there's a way to pass the client cert files, but there doesn't seem to be an interface for it and there are no docs on the headers param, which I'm assuming is not how to go about this.

Can someone shed some light on where in this complex mess I went wrong?

I don't know if you're still interested, but just in case someone stumbles upon this question hoping for an answer.

We're using https://github.com/stomp-php/stomp-php/ for our Stomp connection and this is roughly how we create the client:

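function createClient($broker_url, $login, $password) {
    $client = new \Stomp\Client($broker_url);

    // Options for PHP's "ssl" stream context, applied to the broker connection.
    $sslContext = [
        'ssl' => [
            'cafile' => '/path/to/cert',     // certificate used to verify the broker
            'verify_peer' => true,           // the broker certificate chain is checked
            'verify_peer_name' => false,     // the host name in the certificate is not checked
            'ciphers' => 'HIGH',
        ],
    ];

    $client->getConnection()->setContext($sslContext);
    $client->setLogin($login, $password);
    $client->connect();

    return new \Stomp\StatefulStomp($client);
}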

$broker_url should be in the format ssl://host:port.
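
For a broker that keeps `needClientAuth=true`, as in the question's transportConnector, the client also has to present its own certificate through the same stream context. The following is an added example, not code from the answer or from stomp-php: `buildMutualTlsContext`, its parameters and the file paths are hypothetical, the certificate and key are assumed to be PEM files, and unlike the snippet above it turns host name verification on.

```php
<?php
// Added example: builds the 'ssl' stream-context array for mutual TLS and
// rejects inputs that would otherwise only fail later during the handshake.
// Function name, parameters and paths are hypothetical placeholders.
function buildMutualTlsContext(string $caFile, string $certFile, string $keyFile,
                               string $brokerHost, ?string $keyPass = null): array
{
    foreach ([$caFile, $certFile, $keyFile] as $f) {
        if (!is_readable($f)) {
            throw new RuntimeException("Cannot read $f");
        }
    }

    $cert = openssl_x509_read(file_get_contents($certFile));
    if ($cert === false) {
        throw new RuntimeException("$certFile is not a PEM certificate");
    }

    // A key that does not belong to the certificate cannot complete client auth.
    $key = openssl_pkey_get_private(file_get_contents($keyFile), $keyPass ?? '');
    if ($key === false || !openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match the client certificate');
    }

    $info = openssl_x509_parse($cert);
    if ($info === false || $info['validTo_time_t'] < time()) {
        throw new RuntimeException('Client certificate is unreadable or has expired');
    }

    $ssl = [
        'cafile'           => $caFile,     // CA that signed the broker certificate
        'local_cert'       => $certFile,   // certificate presented to the broker
        'local_pk'         => $keyFile,    // private key for local_cert
        'verify_peer'      => true,
        'verify_peer_name' => true,        // check the broker's host name as well
        'peer_name'        => $brokerHost,
        'ciphers'          => 'HIGH',
    ];
    if ($keyPass !== null) {
        $ssl['passphrase'] = $keyPass;
    }
    return ['ssl' => $ssl];
}

// Usage with the client calls shown in the answer (values are placeholders):
// $client->getConnection()->setContext(buildMutualTlsContext(
//     '/path/to/ca.pem', '/path/to/client.pem', '/path/to/client.key', 'broker.example'));
// $client->setLogin($login, $password);
```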
