[
https://issues.apache.org/jira/browse/AMQ-9744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18048259#comment-18048259
]
Marc Giavarra commented on AMQ-9744:
------------------------------------
Hi,
I have the same problem. If you use the IP address in the URL like
"https://<server-ip-address>:8162/admin/" you get
!image-2025-12-29-18-11-21-816.png!
This does *not* work (property: sniRequired)
{code:java}
conf/jetty.xml
<!--
Enable this connector if you wish to use https with web console
-->
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<constructor-arg>
<bean id="handlers"
class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<property name="keyStorePath" value="${activemq.conf}/broker.ks" />
<property name="keyStorePassword" value="password" />
----===>>> <property name="sniRequired" value="false" /> <<<===---
</bean>
</constructor-arg>
<property name="port" value="8162" />
</bean> {code}
That does *not* work either (setenv: $ACTIVEMQ_SSL_OPTS or ACTIVEMQ_OPTS")
{code:java}
-Djetty.sslContext.sniRequired=false -Djetty.ssl.sniRequired=false {code}
It works with such a test certificate .. the SAN contains the IP address :-/
.... but it is not practical.
{code:java}
keytool \
-genkey \
-alias activemq6.intra.net \
-keyalg RSA \
-sigalg SHA1withRSA \
-keysize 4096 \
-validity 1095 \
-keystore /opt/activemq/conf/activemq6.intra.net.ks \
-dname "CN=activemq6.intra.net,OU=activemq6.intra.net,
O=activemq6.intra.net, L=Lurch, ST=BY, C=GB" \
-ext "SAN=dns:localhost,dns:activemq6,ip:172.12.0.113" \ <<<===---
-storepass 123456 \
-keypass 123456{code}
> Issues Migrating from ActiveMQ Classic 5.16.5 to 6.1.7 — Invalid SNI & Broken
> Documentation Links
> -------------------------------------------------------------------------------------------------
>
> Key: AMQ-9744
> URL: https://issues.apache.org/jira/browse/AMQ-9744
> Project: ActiveMQ
> Issue Type: Bug
> Components: Web Console
> Affects Versions: 6.1.7
> Environment: *Environment:*
> * ActiveMQ Classic version: *6.1.7*
> * Previous version: *5.16.5*
> * OS: Windows Server 2019
> * Java: JDK 17+
> * Jetty used by ActiveMQ: Default bundled
> Reporter: Nagaraju
> Priority: Major
> Attachments: image-2025-12-29-18-11-21-816.png
>
>
> We are in the process of migrating our application from *ActiveMQ Classic
> 5.16.5 to 6.1.7* and are facing the following issues:
>
> h3. 1. *HTTPS Access Error: Invalid SNI*
> We are using *self-signed SSL* for the WebConsole.
> * *Certificate CN:* {{localhost}}
> * When we access: {{https://localhost:8161}} → ✅ *Working*
> * When we access: {{https://hostname:8161}} → ❌ {*}Fails with:{*}{*}{*}
> *HTTP ERROR 400 Invalid SNI*
> *URI: /*
> *STATUS: 400*
> *MESSAGE: Invalid SNI*
> *CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI*
>
> We suspect Jetty is performing strict SNI host name checks. Is there a way to
> bypass or disable SNI validation in Jetty as bundled with ActiveMQ 6.x?
>
> h3. 2. *Broken Documentation Links on Official Website*
> From the official [Getting Started
> guide|https://activemq.apache.org/components/classic/documentation/getting-started],
> under {*}Document Organization{*}, the links point to outdated
> Also, the link to the {*}Issues page{*}:
> * {{https://activemq.apache.org/components/classic/documentation/issues}}
> * ➡️ Results in: "Not Found Page"
>
> 3. *WebConsole Encrypted Password Documentation Missing*
> The file {{docs/WebConsole-README.txt}} in the distribution does not provide
> instructions on:
> * How to *store an encrypted password*
> * How to *configure the WebConsole to use the encrypted password*
> Can you provide documentation or an example?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
