
ActiveMQ SSL activation

I have an MQTT broker with ActiveMQ on an Ubuntu server with Windows clients. Now I want to enable SSL. I found the tutorial, but I have a question.

This step 1 I do on the MQTT broker (ActiveMQ):

Step 1 Create a certificate for the broker with keytool:

keytool -genkey -alias broker -keyalg RSA -keystore broker.ks

Step 2. Export the broker's certificate so it can be shared with clients. This action is on the MQTT broker server; the certificate will be installed on the Windows client.

keytool -export -alias broker -keystore broker.ks -file broker_cert

Step 3 (see below). Create a certificate/keystore for the client. Do I need this step? Where do I perform this step, on the client or on the MQTT broker server? But these are Windows clients.

keytool -genkey -alias client -keyalg RSA -keystore client.ks

Step 4. Do I need this step? Where do I perform this step, on the client or on the MQTT broker server? But these are Windows clients.

Create a truststore for the client, and import the broker's certificate. This will ensure that the client "trusts" the broker:

keytool -import -alias broker -keystore client.ts -file broker_cert

What do I have to do now to make the broker and the Windows client use the certificate?

The instructions cover both the broker-side and client-side.

The broker hosts the self-signed SSL certificate to hand out on SSL connections, and the client needs the key in a 'truststore' to allow the key from the broker, since it is self-signed and not from one of the public SSL key signers that are already provided by most OS and dev stacks.

Keep in mind: SSL encrypts the traffic, but also maintains 'who to trust'. Just because some server hands out an SSL key doesn't mean the client should simply encrypt and start passing data to that server.

EDIT: Some config samples

At minimum:

<broker ..
  .. 
  <sslContext>
    <sslContext keyStore="broker1-keystore.ks"
                keyStorePassword="password"/>
  </sslContext>
  ..
</broker>

Advanced ref: https://activemq.apache.org/ssl-transport-reference

@Pavlovich, just a question: what do you mean with

the client needs the key in a 'truststore'

Do I need to import the broker private key to the client? So far I have only installed the broker certificate on the client (Windows CA store). Thx

@Pavlovich I installed the certificate on the client. I changed activemq.xml like: <transportConnector name="ssl" uri="ssl://0.0.0.0:61714?transport.enabledProtocols=TLSv1.2"/>

I'm trying to test the connection with a certificate using MQTT.fx and it doesn't work. I keep getting an MQTT exception:

ERROR --- BrokerConnectService: MqttException

Thx
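The procedure from the answer, carried through end to end as an added example (this is not code from the original post or from the ActiveMQ project): the broker keystore and exported certificate from steps 1 and 2, the client truststore from step 4, the activemq.xml fragment with the sslContext from the answer, and a handshake check a client machine can run. It also uses a mqtt+ssl transport connector rather than ssl://, because the ssl:// connector serves OpenWire and MQTT clients need the MQTT transport; the broker's private key never leaves broker.ks, the truststore receives only the exported certificate. The function names, the hostname broker.example.com, the password changeit, port 8883, the PKCS12 store type and the path /etc/activemq/broker.ks are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or the ActiveMQ project.
# Assumptions: hostname broker.example.com, password changeit, port 8883,
# PKCS12 stores, keystore deployed at /etc/activemq/broker.ks. Requires keytool
# (JDK) for the stores and openssl for the client-side handshake check.
set -eu

# Steps 1 and 2, on the broker: RSA key pair + self-signed certificate with a
# SAN matching the hostname clients connect to, then the certificate alone
# (never the private key) exported as PEM for distribution to clients.
make_broker_keystore() {   # make_broker_keystore <dir> <hostname> <password>
    keytool -genkeypair -alias broker -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2" -ext "SAN=dns:$2" \
        -storetype PKCS12 -keystore "$1/broker.ks" -storepass "$3" -keypass "$3"
    keytool -exportcert -alias broker -keystore "$1/broker.ks" -storepass "$3" \
        -rfc -file "$1/broker_cert.pem"
}

# Step 4, on the client: a truststore containing only the broker certificate.
# Java MQTT clients point javax.net.ssl.trustStore at this file; non-Java
# clients can use broker_cert.pem directly as their CA file.
make_client_truststore() { # make_client_truststore <dir> <password>
    keytool -importcert -noprompt -alias broker -file "$1/broker_cert.pem" \
        -storetype PKCS12 -keystore "$1/client.ts" -storepass "$2"
}

build_pki() {              # build_pki <dir> <hostname> <password>
    make_broker_keystore "$1" "$2" "$3"
    make_client_truststore "$1" "$3"
}

# Returns 0 when the truststore holds the broker cert as a trusted entry
# (a PrivateKeyEntry here would mean the keystore was copied by mistake).
truststore_has_broker() {  # truststore_has_broker <truststore> <password>
    keytool -list -keystore "$1" -storepass "$2" -alias broker 2>/dev/null \
        | grep -q trustedCertEntry
}

# Fragment for the <broker> element in activemq.xml: the sslContext from the
# answer plus an MQTT-over-TLS connector restricted to TLSv1.2.
render_ssl_config() {      # render_ssl_config <keystore-path> <password> <port>
    cat <<EOF
<sslContext>
  <sslContext keyStore="$1" keyStorePassword="$2"/>
</sslContext>
<transportConnectors>
  <transportConnector name="mqtt+ssl"
      uri="mqtt+ssl://0.0.0.0:$3?transport.enabledProtocols=TLSv1.2"/>
</transportConnectors>
EOF
}

# Client-side check once the broker is running: with the exported certificate
# as CA, openssl must report "Verify return code: 0 (ok)". Without -CAfile the
# same connection still encrypts but verification fails, which is the
# "who to trust" point from the answer.
check_broker_tls() {       # check_broker_tls <hostname> <port> <broker_cert.pem>
    printf '' | openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Demo run, skipped when keytool is not installed.
if command -v keytool >/dev/null 2>&1; then
    work=$(mktemp -d)
    build_pki "$work" broker.example.com changeit
    truststore_has_broker "$work/client.ts" changeit && echo "truststore OK: $work/client.ts"
    render_ssl_config /etc/activemq/broker.ks changeit 8883
fi
```

Copy broker.ks to the broker host and reference its absolute path in keyStore; ship only broker_cert.pem (or client.ts built from it) to the Windows clients. After restarting ActiveMQ, run check_broker_tls from a client to confirm the handshake and certificate verification before debugging the MQTT layer.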
