Author: buildbot
Date: Mon Jul 7 11:20:56 2014
New Revision: 915371
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/how-do-i-use-ssl.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/how-do-i-use-ssl.html
==============================================================================
--- websites/production/activemq/content/how-do-i-use-ssl.html (original)
+++ websites/production/activemq/content/how-do-i-use-ssl.html Mon Jul 7
11:20:56 2014
@@ -81,58 +81,28 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h3
id="HowdoIuseSSL-SettinguptheKeyandTrustStores">Setting up the Key and Trust
Stores</h3>
-
-<p>Also see <a shape="rect" class="external-link"
href="http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html">Tomcat's
SSL instructions</a> for more info. The following was provided by Colin
Kilburn. Thanks Colin!</p>
-
- <div class="aui-message hint shadowed information-macro">
+<div class="wiki-content maincontent"><h3
id="HowdoIuseSSL-SettinguptheKeyandTrustStores">Setting up the Key and Trust
Stores</h3><p>Also see <a shape="rect" class="external-link"
href="http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html">Tomcat's
SSL instructions</a> for more info. The following was provided by Colin
Kilburn. Thanks Colin!</p> <div class="aui-message hint shadowed
information-macro">
<p class="title">ActiveMQ uses dummy credentials by
default</p>
<span class="aui-icon icon-hint">Icon</span>
<div class="message-content">
- <p>ActiveMQ includes key and trust stores that
reference a dummy self signed cert. When you create a broker certificate and
stores for your installation, either overwrite the values in the conf directory
or delete the existing dummy key and trust stores so they cannot interfere) </p>
+ <p>ActiveMQ includes key and trust stores that
reference a dummy self signed cert. When you create a broker certificate and
stores for your installation, either overwrite the values in the conf directory
or delete the existing dummy key and trust stores so they cannot interfere)</p>
</div>
</div>
-
-
-<ol><li>Using keytool, create a certificate for the broker:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
-]]></script>
-</div></div></li><li>Export the broker's certificate so it can be shared with
clients:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-keytool -export -alias broker -keystore broker.ks -file broker_cert
+<ol><li><p>Using keytool, create a certificate for the broker:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -genkey -alias broker -keyalg RSA
-keystore broker.ks
]]></script>
-</div></div></li><li>Create a certificate/keystore for the client:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div></li><li><p>Export the broker's certificate so it can be shared
with clients:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -export -alias broker -keystore
broker.ks -file broker_cert
+]]></script>
+</div></div></li><li><p>Create a certificate/keystore for the client:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -genkey -alias client -keyalg RSA
-keystore client.ks]]></script>
-</div></div></li><li>Create a truststore for the client, and import the
broker's certificate. This establishes that the client "trusts" the broker:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div></li><li><p>Create a truststore for the client, and import the
broker's certificate. This establishes that the client "trusts" the
broker:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -import -alias broker -keystore
client.ts -file broker_cert]]></script>
-</div></div></li></ol>
-
-
-<h3 id="HowdoIuseSSL-StartingtheBroker">Starting the Broker</h3>
-
-<h4 id="HowdoIuseSSL-Usingthejavax.net.ssl.*SystemProperties">Using the
javax.net.ssl.* System Properties</h4>
-
-<p>Before starting the broker's VM set the SSL_OPTS enviorment variable so
that it knows to use the broker keystore.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-export SSL_OPTS = -Djavax.net.ssl.keyStore=/path/to/broker.ks
-Djavax.net.ssl.keyStorePassword=password
+</div></div></li></ol><h3 id="HowdoIuseSSL-StartingtheBroker">Starting the
Broker</h3><h4 id="HowdoIuseSSL-Usingthejavax.net.ssl.*SystemProperties">Using
the javax.net.ssl.* System Properties</h4><p>Before starting the broker's VM
set the SSL_OPTS enviorment variable so that it knows to use the broker
keystore.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[export SSL_OPTS =
-Djavax.net.ssl.keyStore=/path/to/broker.ks
-Djavax.net.ssl.keyStorePassword=password
]]></script>
-</div></div>
-
-<h4 id="HowdoIuseSSL-UsingSpringtoconfigureSSLforaBrokerinstance">Using Spring
to configure SSL for a Broker instance</h4>
-
-<p>Sometimes the use of javax.net.ssl.* system properties is not appropriate
as they effect all SSL users in a JVM. ActiveMQ 5.2.x adds an
<sslContext> element to the <amq:broker> that allows a broker
specific set of SSL properties to be configured.</p>
-
-<p>The SslContext <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslContextBrokerServiceTest.java">test
case</a> validates starting an SSL transport listener using the configuration
specified in the broker Xbean. The SslContext element is added to the broker as
follows:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-<beans
+</div></div><h4
id="HowdoIuseSSL-UsingSpringtoconfigureSSLforaBrokerinstance">Using Spring to
configure SSL for a Broker instance</h4><p>Sometimes the use of javax.net.ssl.*
system properties is not appropriate as they effect all SSL users in a JVM.
ActiveMQ 5.2.x adds an <sslContext> element to the <amq:broker>
that allows a broker specific set of SSL properties to be configured.</p><p>The
SslContext <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslContextBrokerServiceTest.java">test
case</a> validates starting an SSL transport listener using the configuration
specified in the broker Xbean. The SslContext element is added to the broker as
follows:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[<beans
<amq:broker useJmx="false" persistent="false">
<amq:sslContext>
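Review bot: the SSL_OPTS example in the re-flowed CDATA block (the added line starting `export SSL_OPTS =`) is still not a valid shell assignment. The spaces around `=` and the unquoted value holding two -D options mean a POSIX shell will not set the variable as the text intends. Suggest `export SSL_OPTS="-Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password"`. Since these paragraphs are being rewritten anyway, the carried-over wording problems could be fixed in the same pass: "enviorment", "as they effect all SSL users" (should be "affect"), and the unmatched ")" at the end of the dummy-credentials hint. The page should also say that a keystore password passed as a -D option is visible in the JVM's command line to other local users.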
@@ -148,60 +118,29 @@ export SSL_OPTS = -Djavax.net.ssl.keySto
</amq:broker>
</beans>
]]></script>
-</div></div>
-
-<p>The SslContext is used to configure the <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportFactory.java">SslTransportFactory</a>
for that broker. Full details of the configuration options available can be
seen in the <a shape="rect" class="external-link"
href="http://activemq.apache.org/schema/core/activemq-core-5.2-SNAPSHOT.xsd">schema
definition</a> or in the accessors of <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java">org.apache.activemq.spring.SpringSslContext</a></p>
-
-<h3 id="HowdoIuseSSL-StartingtheClient">Starting the Client</h3>
-
-<p>When starting the client's VM, specify the following system properties:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-javax.net.ssl.keyStore=/path/to/client.ks
+</div></div><p>The SslContext is used to configure the <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportFactory.java">SslTransportFactory</a>
for that broker. Full details of the configuration options available can be
seen in the <a shape="rect" class="external-link"
href="http://activemq.apache.org/schema/core/activemq-core-5.2-SNAPSHOT.xsd">schema
definition</a> or in the accessors of <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java">org.apache.activemq.spring.SpringSslContext</a></p><h3
id="HowdoIuseSSL-StartingtheClient">Starting the Client</h3><p>When starting
the client's VM, specify the following system properties:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
]]></script>
-</div></div>
-
- <div class="aui-message problem shadowed information-macro">
+</div></div> <div class="aui-message problem shadowed information-macro">
<span class="aui-icon icon-problem">Icon</span>
<div class="message-content">
-
-<p>In Linux, do not use absolute path to keystore. By default, keytool uses
~/.keystore, but in some setups passing
-Djavax.net.ssl.keyStore=/home/account/.keystore to Java VM does not work. This
is not ActiveMQ specific but good to keep in mind anyway.</p>
+ <p>In Linux, do not use absolute path to keystore.
By default, keytool uses ~/.keystore, but in some setups passing
-Djavax.net.ssl.keyStore=/home/account/.keystore to Java VM does not work. This
is not ActiveMQ specific but good to keep in mind anyway.</p>
</div>
</div>
-
-
-<h3 id="HowdoIuseSSL-Clientcertificates">Client certificates</h3>
-
-<p>If you want to verify client certificates, you need to take a few extra
steps:</p>
-
-<ol><li>Export the client's certificate so it can be shared with broker:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-keytool -export -alias client -keystore client.ks -file client_cert
+<h3 id="HowdoIuseSSL-Clientcertificates">Client certificates</h3><p>If you
want to verify client certificates, you need to take a few extra
steps:</p><ol><li><p>Export the client's certificate so it can be shared with
broker:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -export -alias client -keystore
client.ks -file client_cert
]]></script>
-</div></div></li><li>Create a truststore for the broker, and import the
client's certificate. This establishes that the broker "trusts" the client:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div></li><li><p>Create a truststore for the broker, and import the
client's certificate. This establishes that the broker "trusts" the
client:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[keytool -import -alias client -keystore
broker.ts -file client_cert]]></script>
-</div></div></li><li>Add
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div></li><li><p>Add</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[-Djavax.net.ssl.trustStore=/path/to/broker.ts]]></script>
-</div></div>
- to SSL_OPTS</li><li>Instruct ActiveMQ to require client authentication but
setting the following in activemq.xml:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
- <transportConnectors>
+</div></div><p>to SSL_OPTS</p></li><li><p>Instruct ActiveMQ to require client
authentication by setting the following in activemq.xml:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[ <transportConnectors>
<transportConnector name="ssl"
uri="ssl://localhost:61617?needClientAuth=true" />
</transportConnectors>]]></script>
-</div></div></li></ol>
-
-
-<h3 id="HowdoIuseSSL-Usefullinks">Useful links</h3>
-
-<p>These links might also help</p>
-
-<ul><li><a shape="rect" class="external-link"
href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore"
rel="nofollow">Sun's JSSE guide</a></li><li><a shape="rect"
class="external-link"
href="https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10061"
rel="nofollow">Thawte SSL Troubleshooting Tips</a></li></ul></div>
+</div></div></li></ol><h3 id="HowdoIuseSSL-Usefullinks">Useful
links</h3><p>These links might also help</p><ul><li><a shape="rect"
class="external-link"
href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore"
rel="nofollow">Sun's JSSE guide</a></li><li><a shape="rect"
class="external-link"
href="https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10061"
rel="nofollow">Thawte SSL Troubleshooting Tips</a></li></ul></div>
</td>
<td valign="top">
<div class="navigation">
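Review bot: the warning box kept in this hunk ("In Linux, do not use absolute path to keystore") contradicts the examples around it. The client properties block directly above uses /path/to/client.ks and /path/to/client.ts, and step 3 of "Client certificates" adds -Djavax.net.ssl.trustStore=/path/to/broker.ts. Either narrow the warning to the case it actually describes (passing /home/account/.keystore "in some setups") or remove it, so readers are not told to avoid the form the page itself uses. The only wording change in this hunk, "but setting" to "by setting" in step 4, is correct. The "Useful links" list still points at the J2SE 1.4.2 JSSE guide and could be refreshed while the page is being regenerated.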