
Securing and encrypting ActiveMQ messages with .NET API

I'm creating a C# program which is sending messages with ActiveMQ like this:

IConnectionFactory factory = new ConnectionFactory("activemq:tcp://localhost:61616");
connection = (Connection)factory.CreateConnection();
connection.Start();
session = connection.CreateSession();
producer = session.CreateProducer(new ActiveMQTopic("topic1"));
ITextMessage msg = producer.CreateTextMessage();
msg.Text = Body;
producer.Send(msg);

How can I send the messages in a secure way using TLS/SSL with port 443? What do I need to do in the client side (also .NET) in order to receive it? Is there also a way to configure the clients to only receive such secured messages, and reject regular messages?

You need to configure SSL on the broker and then use a properly configured client connection using the SSL transport to connect to the broker. There is an old article here on the .NET client using SSL.

You will need to configure the client such that it will trust the certificate from the broker, either via a signing authority or by sharing the broker's public certificate with the client.

I'll try to mention all the relevant information in one place.
For one-way TLS there is almost no client-side configuration required; just update the connection string to activemq:ssl://broker.host:61617. The certification burden is on the server.

To configure your local ActiveMQ broker

First generate a self-signed key in the server.ks keystore file

<JAVA_HOME>\bin\keytool -genkey -alias broker -keyalg RSA -keystore <AMQ_HOME>\conf\server.ks

Then edit the config file ([AMQ Install Dir]\conf\activemq.xml)
define ssl context

<broker ...>
...
  <sslContext> 
    <sslContext keyStore="file:${activemq.conf}/server.ks"
              keyStorePassword="password" /> 
  </sslContext>

configure ssl transport

<transportConnectors>
    <transportConnector name="ssl" uri="ssl://localhost:61617" />
</transportConnectors>

Finally start/restart ActiveMQ broker

Now you can make a connection using this connection string:
activemq:ssl://localhost:61617?transport.acceptInvalidBrokerCert=true

At this point you should have a working prototype and should start working on real certificates.

Using self-signed certificate

If you are fine with self-signed certificates, you can export one from the broker's key store, copy it to the client's bin directory and mention it in the connection string.

export:
<JAVA_HOME>\bin\keytool -export -alias broker -keystore <AMQ_HOME>\conf\server.ks -file broker_cert

connection string:
activemq:ssl://localhost:61617?transport.BrokerCertFilename=broker_cert

Two-way TLS

to be continued...
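
Added example (not part of the original question or answers, and not Apache.NMS project code): a .NET consumer for the self-signed setup in the answer above that refuses any broker URI that is not ssl:// or that still carries the prototype's transport.acceptInvalidBrokerCert=true. RequireTls and SecureConsumer are hypothetical names; topic1, port 61617 and broker_cert come from the posts, and the Apache.NMS.ActiveMQ package is assumed to be referenced.

```csharp
using System;
using System.Linq;
using Apache.NMS;
using Apache.NMS.ActiveMQ;

static class SecureConsumer // hypothetical name
{
    // Fail closed: accept only ssl:// broker URIs that keep certificate validation on.
    // Composite URIs such as failover:(...) are rejected too, because their scheme is not ssl.
    public static string RequireTls(string brokerUri)
    {
        const string prefix = "activemq:";
        string inner = brokerUri.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)
            ? brokerUri.Substring(prefix.Length) : brokerUri;
        var uri = new Uri(inner); // Uri.Scheme is returned in lower case
        if (uri.Scheme != "ssl")
            throw new ArgumentException("broker URI must use the ssl transport: " + brokerUri);
        // This guard compares option names case-insensitively so a re-cased option cannot slip past.
        bool skipsValidation = uri.Query.TrimStart('?').Split('&')
            .Select(p => p.Split(new[] { '=' }, 2))
            .Any(kv => kv.Length == 2
                && kv[0].Equals("transport.acceptInvalidBrokerCert", StringComparison.OrdinalIgnoreCase)
                && kv[1].Equals("true", StringComparison.OrdinalIgnoreCase));
        if (skipsValidation)
            throw new ArgumentException("acceptInvalidBrokerCert=true disables broker certificate checks");
        return brokerUri;
    }

    static void Main()
    {
        // broker_cert is the file exported with keytool and copied next to the client binary.
        string uri = RequireTls("activemq:ssl://localhost:61617?transport.BrokerCertFilename=broker_cert");
        IConnectionFactory factory = new ConnectionFactory(uri);
        using (IConnection connection = factory.CreateConnection())
        using (ISession session = connection.CreateSession())
        using (IMessageConsumer consumer = session.CreateConsumer(session.GetTopic("topic1")))
        {
            connection.Start();
            // Wait up to 30 seconds for one message, then exit.
            var msg = consumer.Receive(TimeSpan.FromSeconds(30)) as ITextMessage;
            Console.WriteLine(msg != null ? msg.Text : "no message within 30 s");
        }
    }
}
```

The guard only constrains this client's own connection; whether other clients can still publish over an unencrypted transport is decided by which transportConnector entries the broker exposes in activemq.xml.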
