How to activemq in ssl


Problem description

I'm trying to send messages via jms (activemq) but I want it to be in ssl protocol. It actually works in tcp for now.

I use jndi, with a virtual topic and 2 queues. Could somebody help me? I tried this but I get stuck, the server won't start:

http://activemq.apache.org/how-do-i-use-ssl.html

thx

edit: The log says: "The reference to entity "needClientAuth" must end with the ';' delimiter."

Recommended answer

I will answer my own question:

First of all, inside ..../apache-activemq-5.11.1/conf/activemq.xml:

<transportConnectors>
  <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&amp;needClientAuth=true"/>
</transportConnectors>

Don't forget the & amp; (without the space), that's what was blocking on the server side. On the activemq page it isn't written. As well, don't forget to open your port, here (61617).

Still inside activemq.xml:

<sslContext>
  <sslContext keyStore="file:${activemq.base}/conf/amq-server.ks"
              keyStorePassword="PASSWORD"
              trustStore="file:${activemq.base}/conf/amq-server.ts"
              trustStorePassword="PASSWORD" />
</sslContext>

Restart JMS; this time it should be OK. Now that your server side is OK, let's go for the client.

I have done this in activemq ..../apache-activemq-5.11.1/conf (follow what is asked: names, pass, etc.):

## Create a keystore for the broker SERVER
$ keytool -genkey -alias amq-server -keyalg RSA -keysize 2048 -validity 90 -keystore amq-server.ks

## Export the broker SERVER certificate from the keystore
$ keytool -export -alias amq-server -keystore amq-server.ks -file amq-server_cert

## Create the CLIENT keystore
$ keytool -genkey -alias amq-client -keyalg RSA -keysize 2048 -validity 90 -keystore amq-client.ks

## Import the previous exported broker's certificate into a CLIENT truststore
$ keytool -import -alias amq-server -keystore amq-client.ts -file amq-server_cert

## If you want to make trusted also the client, you must export the client's certificate from the keystore
$ keytool -export -alias amq-client -keystore amq-client.ks -file amq-client_cert

## Import the client's exported certificate into a broker SERVER truststore
$ keytool -import -alias amq-client -keystore amq-server.ts -file amq-client_cert

Then I downloaded, with the help of https://winscp.net/eng/index.php, my "amq-client.ts" and "amq-client.ks" from my server to my PC (I dev on windows and server on linux).

I used these two files as source in eclipse. (I won't explain how to.)

Finally, in eclipse I had to change only one thing: I had to replace QueueConnectionFactory by ActiveMQSslConnectionFactory.

So I removed:

QueueConnectionFactory connFactory = (QueueConnectionFactory) ctx
                    .lookup("jms/ConnectionFactory");

and replaced it with:

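// import org.apache.activemq.ActiveMQSslConnectionFactory;
// url, CLIENT_TS_FILE, CLIENT_KS_FILE and MotorException are defined elsewhere in the poster's project.
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
try {
    // Trust store: holds the broker certificate the client accepts.
    connectionFactory.setTrustStore(CLIENT_TS_FILE);
    connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made");
    // Key store: holds the client certificate presented because the broker sets needClientAuth=true.
    connectionFactory.setKeyStore(CLIENT_KS_FILE);
    connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made");
} catch (Exception e) {
    throw new MotorException(
            "JMS Connection Failed (Trust store or key store weren't found) : ",
            e);
}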

Very little was on the internet, at least for activemq and ssl; it might help someone.
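A pre-restart check for the broker-side settings discussed in this answer, as an added example that is not part of the original post: it reports the raw `&` that caused the "must end with the ';' delimiter" error, and on a well-formed file flags a leftover plaintext `tcp://` connector, an `ssl://` connector without `needClientAuth=true`, and a missing key or trust store. The function name `lint_activemq_xml` and the three sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample configs (not taken from a real broker). BAD carries the raw
# '&' that produced the parser error quoted in the question; GOOD escapes it.
BAD = """<broker>
  <transportConnectors>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&needClientAuth=true"/>
  </transportConnectors>
  <sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/amq-server.ks" trustStore="file:${activemq.base}/conf/amq-server.ts"/>
  </sslContext>
</broker>"""
GOOD = BAD.replace("&needClientAuth", "&amp;needClientAuth")
# Constructed variant: a plaintext listener is left on and the client-auth flag is dropped.
WEAK = GOOD.replace("&amp;needClientAuth=true", "").replace(
    '<transportConnector name="ssl"',
    '<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>\n    <transportConnector name="ssl"')
# An '&' that does not start a predefined or numeric entity reference.
RAW_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)")

def local(el):  # element name without its XML namespace (activemq.xml uses several)
    return el.tag.rsplit("}", 1)[-1]

def lint_activemq_xml(text):
    """Return findings for the SSL-related parts of an activemq.xml string."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        line = exc.position[0]  # 1-based line number reported by the parser
        raw = RAW_AMP.search(text.splitlines()[line - 1])
        hint = "; raw '&' in the line, write '&amp;' inside XML attributes" if raw else ""
        return [f"not well-formed XML at line {line}{hint}"]
    findings, client_auth = [], False
    for el in (e for e in root.iter() if local(e) == "transportConnector"):
        uri = urlsplit(el.get("uri", ""))
        if uri.scheme == "tcp":
            findings.append(f"connector '{el.get('name')}' accepts plaintext tcp")
        elif uri.scheme == "ssl":
            if parse_qs(uri.query).get("needClientAuth") == ["true"]:
                client_auth = True
            else:
                findings.append(f"connector '{el.get('name')}' does not require a client certificate")
    ctx = [e for e in root.iter() if local(e) == "sslContext" and e.get("keyStore")]
    if not ctx:
        findings.append("no sslContext with a keyStore")
    elif client_auth and not any(c.get("trustStore") for c in ctx):
        findings.append("needClientAuth=true but sslContext has no trustStore")
    return findings
```

Run it against the contents of conf/activemq.xml before restarting the broker; an empty list means none of these conditions was found.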
