[
https://issues.apache.org/jira/browse/ARTEMIS-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dominik Figl updated ARTEMIS-3100:
----------------------------------
Description:
I failed to configure Artemis with one-way SSL in combination with HA Failover.
Can anybody point out a working example to me? (I'm pretty new to that topic :) )
I also failed to get access to the Slack channel :\

My Goal:
2 Artemis Instances on CentOS Servers (one live and one backup server) with
Server Side Certificate to enable the clients to encrypt the traffic. No Client
side certs are needed.

My current configuration attempt:
LIVE:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
  <connector name="artemis">tcp://vrz8576t:61619</connector>
  <!-- connector to the server1 -->
  <connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
</connectors>
<ha-policy>
  <replication>
    <master/>
  </replication>
</ha-policy>
<cluster-connections>
  <cluster-connection name="my-cluster">
    <connector-ref>artemis</connector-ref>
    <message-load-balancing>ON_DEMAND</message-load-balancing>
    <max-hops>0</max-hops>
    <static-connectors>
      <connector-ref>artemis-slave-connector</connector-ref>
    </static-connectors>
  </cluster-connection>
</cluster-connections>
BACKUP:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
  <connector name="artemis">tcp://kai8576t:61619</connector>
  <connector name="artemis-master-connector">tcp://vrz8576t:61619</connector>
</connectors>
<ha-policy>
  <replication>
    <slave/>
  </replication>
</ha-policy>
<cluster-connections>
  <cluster-connection name="my-cluster">
    <connector-ref>artemis</connector-ref>
    <message-load-balancing>ON_DEMAND</message-load-balancing>
    <max-hops>0</max-hops>
    <static-connectors>
      <connector-ref>artemis-master-connector</connector-ref>
    </static-connectors>
  </cluster-connection>
</cluster-connections>
Certificate generation:
keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt
BR
Dominik
was:
I failed to configure Artemis with one-way SSL in combination with HA Failover.
Can anybody point out a working example to me? (I'm pretty new to that topic :) )
I also failed to get access to the Slack channel :\

My Goal:
2 Artemis Instances on CentOS Servers (one live and one backup server) with
Server Side Certificate to enable the clients to encrypt the traffic. No Client
side certs are needed.

My current configuration attempt:
LIVE:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
  <connector name="artemis">tcp://vrz8576t:61619</connector>
  <!-- connector to the server1 -->
  <connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
</connectors>
<ha-policy>
  <replication>
    <master/>
  </replication>
</ha-policy>
<cluster-connections>
  <cluster-connection name="my-cluster">
    <connector-ref>artemis</connector-ref>
    <message-load-balancing>ON_DEMAND</message-load-balancing>
    <max-hops>0</max-hops>
    <static-connectors>
      <connector-ref>artemis-slave-connector</connector-ref>
    </static-connectors>
  </cluster-connection>
</cluster-connections>
BACKUP:
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
  <connector name="artemis">tcp://kai8576t:61619</connector>
  <connector name="artemis-master-connector">tcp://vrz8576t:61619</connector>
</connectors>
<ha-policy>
  <replication>
    <slave/>
  </replication>
</ha-policy>
<cluster-connections>
  <cluster-connection name="my-cluster">
    <connector-ref>artemis</connector-ref>
    <message-load-balancing>ON_DEMAND</message-load-balancing>
    <max-hops>0</max-hops>
    <static-connectors>
      <connector-ref>artemis-master-connector</connector-ref>
    </static-connectors>
  </cluster-connection>
</cluster-connections>
Certificate generation:
keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt
BR
Dominik
> I failed to configure SSL in combination with HA Failover
> ---------------------------------------------------------
>
> Key: ARTEMIS-3100
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3100
> Project: ActiveMQ Artemis
> Issue Type: Wish
> Affects Versions: 2.16.0
> Reporter: Dominik Figl
> Priority: Trivial
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
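
An added example, not part of the Jira message or of the Artemis project: a small Python audit of the transport URIs in a broker.xml fragment like the one quoted in the issue. It flags legacy TLS versions in enabledProtocols, trustAll=true, and connectors without sslEnabled=true that point at a port the local acceptor serves with TLS; the port match is a heuristic that assumes both brokers use the same acceptor port, and the sample XML is constructed from the quoted LIVE configuration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the LIVE acceptor and connectors from the issue, tuning parameters trimmed.
SAMPLE = """<core>
  <acceptor name="artemis-netty">tcp://0.0.0.0:61619?protocols=CORE;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
  <connectors>
    <connector name="artemis">tcp://vrz8576t:61619</connector>
    <connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
  </connectors>
</core>"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # protocol versions that should not be offered


def parse_uri(uri):
    """Split an Artemis transport URI into (port, params dict)."""
    parts = urlsplit(uri.strip())
    pairs = (kv.split("=", 1) for kv in re.split("[;&]", parts.query) if "=" in kv)
    return parts.port, dict(pairs)


def audit(xml_text):
    """Return (element name, finding) tuples for TLS problems in a broker.xml fragment."""
    parsed = []
    for el in ET.fromstring(xml_text).iter():
        kind = el.tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present
        if kind in ("acceptor", "connector") and el.text:
            parsed.append((kind, el.get("name"), *parse_uri(el.text)))
    tls_ports = {port for kind, _, port, p in parsed
                 if kind == "acceptor" and p.get("sslEnabled") == "true"}
    findings = []
    for kind, name, port, p in parsed:
        ssl_on = p.get("sslEnabled") == "true"
        legacy = LEGACY & set(p.get("enabledProtocols", "").split(","))
        if ssl_on and legacy:
            findings.append((name, "legacy protocols enabled: " + ",".join(sorted(legacy))))
        if p.get("trustAll") == "true":
            findings.append((name, "trustAll=true accepts any certificate"))
        # Assumption: peers listen on the same port as the local TLS acceptor.
        if kind == "connector" and not ssl_on and port in tls_ports:
            findings.append((name, f"plain connector to TLS port {port}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```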