Amazon MQ服务如何在不要求客户端使用TrustStore和KeyStore的情况下工作? [英] How Amazon MQ service works without asking client to use TrustStore and KeyStore?

问题描述

当我们在独立ActiveMQ上配置SSL时，我们可能需要在客户端代码中提供TrustStore，TrustStore密码，KeyStore和KeyStore密码，以通过SSL协议连接到Active MQ，但是对于AmazonMQ，尽管它们已经提供了SSL端点，但是我们可以简单地连接到它，而无需提供与信任和密钥相关的值.

When we configure the SSL on standalone ActiveMQ, we may need to provide the TrustStore,TrustStore Password, KeyStore and KeyStore password in client code to connect to the Active MQ over SSL protocol but in case of AmazonMQ, though they have provided SSL endpoint, but we can connect to it simply without providing the trust and key related values.

基于SSL的简单ActiveMQ的客户端代码段:

Client code snippet for Simple ActiveMQ over SSL:

ActiveMQSslConnectionFactory connFactory = new ActiveMQSslConnectionFactory("ssl://<someHost>:61617");
        String trustStore = "pathTo/client_new.ts";
        String keyStore = "PathTo/client_new.ks";
        try {

            connFactory.setTrustStore(trustStore);
            connFactory.setTrustStorePassword("password");
            connFactory.setKeyStore(keyStore);
            connFactory.setKeyStorePassword("password");

        } catch (Exception e) {

            e.printStackTrace();
        }

基于SSL的Amazon MQ的客户端代码段:

Client code snippet for Amazon MQ over SSL:

ActiveMQConnectionFactory connFactory = new ActiveMQConnectionFactory("ssl://xyz.amazonaws.com:61617");

基本上，这有什么区别?

Basically, what make this difference?

推荐答案

首先，AmazonMQ在ActiveMQ之上工作，亚马逊在activeMQ上编写了包装层，因此从功能上讲，它的工作原理几乎相同. AmazonMQ为managed Message Broker Service for ActiveMQ. 它管理与空间有关的所有事情，在不同区域中配置主动/被动端点，并在下面的链接中提到了一些好处.

Firstly AmazonMQ works on top of the ActiveMQ, amazon has written a wrapper layer over activeMQ so as functionality wise it works pretty much the same. AmazonMQ is managed Message Broker Service for ActiveMQ. It manages everything related to space, configuring active/passive endpoints in different regions and some benefits mentioned in the below links.

https://docs.aws.amazon .com/amazon-mq/latest/developer-guide/welcome.html

amazonMQ的其他好处是，您可以设置警报，以及作为使用Amazon其他服务(例如将activemq版本升级到最新版本)的一部分的更多信息.

Other benefits of amazonMQ is you can setup alerts and many more as part of using other services of amazon like upgrading activemq version to the latest.

现在进入应用程序部分，一件好事是您通过SSL连接配置了activemq的方式，尽管activemq也公开了tcp终结点，可以通过简单地提供代理URL来进行连接，但是在amazonMQ的情况下，它不会公开任何TCP端点唯一的连接方法是提供SSL端点和相关参数.

Now coming to you application part, one good thing was the way you have configured activemq was via SSL connection, though activemq exposes tcp endpoint as well which can be connected by simply providing broker URL but in case of amazonMQ it does not exposes any TCP endpoint only way to connect is by providing SSL endpoint and related parameters.

请参考以下链接，了解如何将应用程序连接到amazonMQ: https://docs. aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-connecting-application.html

Refer this link on how application is connected to amazonMQ: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-connecting-application.html

这篇关于Amazon MQ服务如何在不要求客户端使用TrustStore和KeyStore的情况下工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！