Given the question, a more basic starting point might be to indicate
that you can configure the broker via the web management interface:
https://qpid.apache.org/releases/qpid-broker-j-9.2.0/book/Java-Broker-Management-Channel-Web-Console.html

Where you can then define e.g. Keystores (and Truststores and
Authentication Providers)
https://qpid.apache.org/releases/qpid-broker-j-9.2.0/book/Java-Broker-Concepts-Other-Services.html#Java-Broker-Concepts-Keystores

Then you can configure the port to use them, as Tomas covered.

Note you would typically only use the 'External' authentication
provider if actually wanting to do mutual auth / client-certificate
authentication, so that line should perhaps have also been at the end
with the 'optionally' around setting a trust store.
https://qpid.apache.org/releases/qpid-broker-j-9.2.0/book/Java-Broker-Security.html#Java-Broker-Security-External-Provider

On Thu, 3 Oct 2024 at 14:06, Tomas Vavricka <vavr...@apache.org> wrote:
>
> Hi Welly,
>
> The image did not go through. Could you please post the log messages (in 
> text) related to the invalid keystore?
>
> To enable SSL, you need to configure the port with the following:
> * Set the existing 'External' authentication provider
> * Select SSL transport
> * Set the existing keystore
> * Optionally, set the existing truststore if mutual authentication is required
>
> Further details can be found in the broker documentation: 
> https://qpid.apache.org/releases/qpid-broker-j-9.2.0/book/Java-Broker-Management-Managing-Ports.html
>
> Example keystore configuration JSON:
>
> {
>   "id" : "0e7f7a71-7fb4-4258-8af3-6271ab18e540",
>   "name" : "keystore-amqps",
>   "description" : "/path/to/keystore-amqps.p12",
>   "type" : "FileKeyStore",
>   "desiredState" : "ACTIVE",
>   "state" : "ACTIVE",
>   "durable" : true,
>   "lifetimePolicy" : "PERMANENT",
>   "certificateAlias" : "hostname",
>   "certificateDetails" : [ ],
>   "certificateExpiryCheckFrequency" : 1,
>   "certificateExpiryWarnPeriod" : 30,
>   "keyManagerFactoryAlgorithm" : "SunX509",
>   "keyStoreType" : "pkcs12",
>   "lastOpenedTime" : 1727947703448,
>   "password" : "12345678",
>   "path" : "/path/to/keystore-amqps.p12",
>   "storeUrl" : "/path/to/keystore-amqps.p12",
>   "useHostNameMatching" : true,
>   "lastUpdatedBy" : "admin",
>   "lastUpdatedTime" : 1727947721705,
>   "createdTime" : 1727947702840
> }
>
> Regards,
> Tomas
>
> On 2024/10/02 18:17:43 Welly Hong wrote:
> > Hi support team,
> >
> > We are trying to enable SSL on Apache Qpid Broker-J. However, we always got 
> > invalid Key Store. Please advise how to enable SSL on Apache Qpid Broker-J.
> >
> > [cid:image001.png@01DB14D5.79F94350]
> >
> > Thanks,
> >
> > Welly
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
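Added example, not part of the original thread and not Qpid project code: a small check of the wiring discussed above (an SSL port must name a defined keystore, and the 'External' provider belongs with a truststore and a client-certificate request). `lint_ports` is a hypothetical helper; the top-level keys, the port attributes (`transports`, `keyStore`, `trustStores`, `needClientAuth`, `wantClientAuth`, `authenticationProvider`) and the sample ports are assumptions modelled on the broker's JSON configuration.

```python
import json

# Constructed sample using Broker-J style attribute names. The keystore mirrors
# the one quoted in the thread; ports, providers and truststores are invented.
SAMPLE_CONFIG = json.loads("""
{
  "authenticationproviders": [{"name": "plain", "type": "Plain"},
                              {"name": "external", "type": "External"}],
  "keystores": [{"name": "keystore-amqps", "type": "FileKeyStore",
                 "storeUrl": "/path/to/keystore-amqps.p12"}],
  "truststores": [],
  "ports": [
    {"name": "AMQPS", "port": 5671, "transports": ["SSL"],
     "keyStore": "keystore-amqps", "authenticationProvider": "plain"},
    {"name": "AMQPS-clientcert", "port": 5673, "transports": ["SSL"],
     "keyStore": "keystore-amqps", "authenticationProvider": "external"},
    {"name": "AMQPS-typo", "port": 5675, "transports": ["SSL"],
     "keyStore": "keystore-amqp", "authenticationProvider": "plain"}
  ]
}
""")

NO_KEYSTORE = "SSL transport but keyStore does not name a defined keystore"
BAD_TRUSTSTORE = "trustStores names a truststore that is not defined"
EXTERNAL_NO_TLS = "External provider on a port without SSL transport"
EXTERNAL_NO_CERT = "External provider without truststore and client-cert request"

def lint_ports(config):
    """Return (port name, finding) pairs for inconsistently wired ports."""
    keystores = {k["name"] for k in config.get("keystores", [])}
    truststores = {t["name"] for t in config.get("truststores", [])}
    providers = {p["name"]: p.get("type")
                 for p in config.get("authenticationproviders", [])}
    findings = []
    for port in config.get("ports", []):
        name = port["name"]
        tls = "SSL" in port.get("transports", ["TCP"])
        trust = port.get("trustStores", [])
        asks_cert = port.get("needClientAuth") or port.get("wantClientAuth")
        external = providers.get(port.get("authenticationProvider")) == "External"
        if tls and port.get("keyStore") not in keystores:
            findings.append((name, NO_KEYSTORE))
        if any(t not in truststores for t in trust):
            findings.append((name, BAD_TRUSTSTORE))
        if external and not tls:
            findings.append((name, EXTERNAL_NO_TLS))
        elif external and not (trust and asks_cert):
            findings.append((name, EXTERNAL_NO_CERT))
    return findings
```

On the sample, `lint_ports(SAMPLE_CONFIG)` flags the port that selects 'External' without any truststore and the port whose `keyStore` name does not match the defined keystore; the plain server-side TLS port passes.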
