[
https://issues.apache.org/jira/browse/ARTEMIS-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dominik Figl updated ARTEMIS-3100:
----------------------------------
Description:
I failed to configure Artemis with one-way SSL in combination with HA Failover.
Can anybody point out a working example to me? (I'm pretty new to that topic :) )
I also failed to get access to the slack channel :\
My Goal:
Two Artemis instances on CentOS servers (one live and one backup server) with
server-side certificate to enable the clients to encrypt the traffic. No
client-side certs are needed.
My current configuration:
LIVE:
{code:xml}
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
<connector name="artemis">tcp://serverA:61619</connector>
<!-- connector to the server1 -->
<connector name="artemis-slave-connector">tcp://serverB:61619</connector>
</connectors>
<ha-policy>
<replication>
<master/>
</replication>
</ha-policy>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<static-connectors>
<connector-ref>artemis-slave-connector</connector-ref>
</static-connectors>
</cluster-connection>
</cluster-connections>
{code}
BACKUP:
{code:xml}
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
<connector name="artemis">tcp://serverB:61619</connector>
<connector name="artemis-master-connector">tcp://serverA:61619</connector>
</connectors>
<ha-policy>
<replication>
<slave/>
</replication>
</ha-policy>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<static-connectors>
<connector-ref>artemis-master-connector</connector-ref>
</static-connectors>
</cluster-connection>
</cluster-connections>
{code}
Certificate generation:
{noformat}
keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt
{noformat}
was:
I failed to configure Artemis with one-way SSL in combination with HA Failover.
Can anybody point out a working example to me? (I'm pretty new to that topic :) )
I also failed to get access to the slack channel :\
My Goal:
Two Artemis instances on CentOS servers (one live and one backup server) with
server-side certificate to enable the clients to encrypt the traffic. No
client-side certs are needed.
My current configuration:
LIVE:
{code:xml}
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
<connector name="artemis">tcp://vrz8576t:61619</connector>
<!-- connector to the server1 -->
<connector name="artemis-slave-connector">tcp://kai8576t:61619</connector>
</connectors>
<ha-policy>
<replication>
<master/>
</replication>
</ha-policy>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<static-connectors>
<connector-ref>artemis-slave-connector</connector-ref>
</static-connectors>
</cluster-connection>
</cluster-connections>
{code}
BACKUP:
{code:xml}
<acceptor name="artemis-netty">tcp://0.0.0.0:61619?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
<connectors>
<connector name="artemis">tcp://kai8576t:61619</connector>
<connector name="artemis-master-connector">tcp://vrz8576t:61619</connector>
</connectors>
<ha-policy>
<replication>
<slave/>
</replication>
</ha-policy>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<static-connectors>
<connector-ref>artemis-master-connector</connector-ref>
</static-connectors>
</cluster-connection>
</cluster-connections>
{code}
Certificate generation:
{noformat}
keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample
keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt
{noformat}
> I failed to configure SSL in combination with HA Failover
> ---------------------------------------------------------
>
> Key: ARTEMIS-3100
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3100
> Project: ActiveMQ Artemis
> Issue Type: Wish
> Affects Versions: 2.16.0
> Reporter: Dominik Figl
> Priority: Trivial
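An added example, not part of the original issue or of the Artemis project: a small Python check run over a constructed copy of the LIVE snippet above. It flags the legacy protocol versions enabled on the acceptor and any connector that carries no `sslEnabled=true` while pointing at a port where the acceptor has it. Matching by port alone is an assumption that fits this setup, where both brokers listen on 61619.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the LIVE snippet from the issue, wrapped in a root
# element, with the acceptor's buffer/AMQP tuning parameters left out.
SAMPLE = """<core>
  <acceptor name="artemis-netty">tcp://0.0.0.0:61619?protocols=CORE,AMQP;sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample;enabledProtocols=TLSv1,TLSv1.1,TLSv1.2;needClientAuth=false;verifyHost=false;trustAll=true</acceptor>
  <connectors>
    <connector name="artemis">tcp://serverA:61619</connector>
    <connector name="artemis-slave-connector">tcp://serverB:61619</connector>
  </connectors>
</core>"""

OLD_TLS = {"TLSv1", "TLSv1.1"}  # deprecated protocol versions

def parse_uri(text):
    """Split an Artemis transport URI into (port, {param: value})."""
    parts = urlsplit(text.strip())
    params = dict(p.split("=", 1) for p in parts.query.split(";") if "=" in p)
    return parts.port, params

def audit(xml_text):
    """Return (element name, finding) pairs for TLS problems in the fragment."""
    root = ET.fromstring(xml_text)
    findings, tls_ports = [], set()
    for acc in root.iter("acceptor"):
        port, p = parse_uri(acc.text)
        if p.get("sslEnabled") == "true":
            tls_ports.add(port)
            old = OLD_TLS & set(p.get("enabledProtocols", "").split(","))
            if old:
                findings.append((acc.get("name"),
                                 "legacy protocols: " + ",".join(sorted(old))))
    for con in root.iter("connector"):
        port, p = parse_uri(con.text)
        name = con.get("name")
        # Assumption: every broker in the pair uses the same acceptor port.
        if port in tls_ports and p.get("sslEnabled") != "true":
            findings.append((name, "plaintext connector to TLS port %d" % port))
        elif p.get("sslEnabled") == "true":
            if p.get("trustAll") == "true":
                findings.append((name, "trustAll=true disables certificate validation"))
            if p.get("verifyHost") == "false":
                findings.append((name, "verifyHost=false skips the hostname check"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name + ": " + finding)
```
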