activmemq.packages.trust-all does not trust all SSL certificates
Question
In my Spring Boot app part of my application.yml is as follows:
spring:
activemq:
broker-url: ssl://10.68.84.40:61617
user: admin
password: admin
packages:
trust-all: true
Where 10.68.84.40:61617 is an endpoint added to activemq.xml :
<transportConnector name="ssl" uri="ssl://0.0.0.0:61617?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
Spring Boot official document is way too brief about usage of ActiveMQ. I dig into org.springframework.boot.autoconfigure.jms.activemq.ActiveMQProperties source code and see that setting spring.activemq.packages.trust-all to true should trust all server certs, but it still gets sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target .
Then I see another property spring.activemq.packages.trusted , but I wonder what should be put there.
Added: using openssl, sees CN of the server cert is just localhost . The application is calling using an IP.
1 answers
solution1
0 2023-02-02 20:13:08
The setting spring.activemq.packages.trust-all has nothing to do with SSL certificates and Spring's source code gives no indication that it does. It's related to the deserialization of JMS ObjectMessage instances. See more in the ActiveMQ "Classic" documentation .
If you really want the client to trust all SSL certificates then simply add trustAll=true to your broker-url , eg:
spring:
activemq:
broker-url: ssl://10.68.84.40:61617?trustAll=true
...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.