Thank you for positive reply! Regarding your questions:
> Are you specifying a value for "keyStoreAlias"? Yes, we are selecting the certificate using the "keyStoreAlias". > How are you generating this keystore? I don't know how our keystore was created originally. Maybe manually using "Portecle"? We are using a JKS keystore. You can create an example using Java's keytool: keytool -genkey -alias brokertest -keyalg RSA -keystore brokertest.ks -storetype JKS -storepass keystore123 -keypass keypass123 keytool only supports differing passwords for the JKS store type, even though other store types like PKCS12 do support it as well. Let me know if you need any further info or action from my side. Thank you very much in advance! Greetings Manuel On Tue, Jul 22, 2025 at 6:48 PM Justin Bertram <jbert...@apache.org> wrote: > > I think this would be worth supporting. > > I've got a couple of questions: > > - Are you specifying a value for "keyStoreAlias"? > - How are you generating this keystore? > > > Justin > > On Tue, Jul 22, 2025 at 7:45 AM Manuel K <mko...@gmail.com> wrote: > > > Hi all, > > > > we are using the STOMP protocol to send messages and ActiveMQ Artemis > > is acting as the client hosted in WildFly 35. We want to use Netty SSL > > with our existing keystore and an existing key/certificate. The > > key/certificate is secured with its own password. In WildFly terms, > > these are the keystore password and the key manager password. > > > > As shown in the documentation, it is currently only possible to set a > > keyStorePassword: > > > > https://activemq.apache.org/components/artemis/documentation/latest/configuring-transports.html#configuring-netty-ssl > > > > As seen in the code here, the keyStorePassword is also used to > > initialize the key, and there is no possibility to set an additional > > password: > > https://github.com/apache/activemq-artemis/blob/bd2a7402cbd8ea591b64507aa0fd7199583a0f70/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java#L389 > > > > Would you consider adding an additional parameter called "keyPassword" > > or "keyManagerPassword" to support this use case? If this is something > > you'd be open to supporting, I’d be happy to open a Jira issue for the > > feature request. > > > > Thank you very much for your time and consideration! > > > > Greetings > > Manuel K > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org > > For additional commands, e-mail: users-h...@activemq.apache.org > > For further information, visit: https://activemq.apache.org/contact > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org For additional commands, e-mail: users-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
