Securing JMS queue

Securing JMS queue

akshattandon
Hi

I am facing an issue while configuring SSL for JMS on Apache ServiceMix.

I have configured the broker in its blueprint file:

<bean id="jms" class="org.apache.camel.component.jms.JmsComponent">
  <property name="connectionFactory">
    <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
      <property name="trustStore" value="C:/client.ts" />
      <property name="trustStorePassword" value="abc" />
      <property name="keyStore" value="C:/broker.ks" />
      <property name="keyStorePassword" value="password" />
      <property name="brokerURL" value="nio+ssl://localhost:61617?trace=true" />
      <property name="userName" value="smx" />
      <property name="password" value="smx" />
    </bean>
  </property>
</bean>

Along with it, I have configured activemq.xml with the following entries:

<sslContext>
  <sslContext
      keyStore="C:/broker.ks" keyStorePassword="abc"
      trustStore="C:/client.ts" trustStorePassword="abc" />
</sslContext>
<transportConnectors>
  <transportConnector name="openwire" uri="nio+ssl://localhost:61617?trace=true&amp;needClientAuth=true&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>


The broker started successfully and started publishing on
Publishing: nio+ssl://127.0.0.1:61617 for broker transport URI: nio+ssl://127.0.0.1:61617?trace=true&needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600

But somehow connections are created on tcp
and are displayed like the following:

tcp://127.0.0.1:49881


Can someone guide us on how to make the connection SSL as well?

 


Re: Securing JMS queue

Matt Pavlovich-2
This "tcp://127.0.0.1:49881" looks like the client-side port, which is standard for TCP/IP client-server traffic. If you have confirmed that messages are moving, then you should feel confident that SSL is working. If you want to validate with complete certainty, open a network sniffer and you should see the traffic is encrypted.

On Aug 13, 2014, at 6:29 AM, akshattandon <[hidden email]> wrote:

> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Securing-JMS-queque-tp4684509.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Re: Securing JMS queue

artnaseef
One question - where is the tcp:// address "seen"?

As long as there are no "tcp:" nor "nio:" transports configured on the broker, there is no way for a client to connect without SSL.  If they try, the server logs an error about improper SSL handshake and suggests a "plain-text" connection was attempted.

Check the webconsole or via JMX to confirm the only connector is the nio+ssl connector.

On the client side, make sure all clients use ssl:// for the URL.
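
The two checks in the reply above (only TLS connectors on the broker, only TLS URLs on clients) can also be run against the configuration files directly. This is an added example, not part of the original thread or of ActiveMQ; the sample XML is constructed, the `legacy` connector and the `old` bean are hypothetical, and a scheme is assumed to be TLS when one of its `+`-separated parts is `ssl` or it is `https`/`wss`.

```python
import re
import xml.etree.ElementTree as ET

SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*)://")

def plaintext_schemes(uri):
    """Schemes in a URI (composite forms such as failover:(...) included) that are not TLS."""
    found = [s.lower() for s in SCHEME_RE.findall(uri)]
    return [s for s in found if "ssl" not in s.split("+") and s not in ("https", "wss")]

def local(tag):
    """Strip the XML namespace prefix ({uri}tag -> tag)."""
    return tag.rsplit("}", 1)[-1]

def audit_broker(xml_text):
    """Map each transportConnector that accepts plaintext to its non-TLS schemes."""
    findings = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "transportConnector":
            bad = plaintext_schemes(el.get("uri", ""))
            if bad:
                findings[el.get("name", "(unnamed)")] = bad
    return findings

def audit_client(xml_text):
    """List brokerURL property values that contain at least one non-TLS scheme."""
    return [el.get("value") for el in ET.fromstring(xml_text).iter()
            if local(el.tag) == "property" and el.get("name") == "brokerURL"
            and plaintext_schemes(el.get("value", ""))]

# Constructed sample: the thread's nio+ssl connector plus a hypothetical plaintext one.
ACTIVEMQ_XML = """<broker xmlns="http://activemq.apache.org/schema/core">
  <transportConnectors>
    <transportConnector name="openwire"
        uri="nio+ssl://localhost:61617?trace=true&amp;needClientAuth=true"/>
    <transportConnector name="legacy" uri="tcp://0.0.0.0:61616"/>
  </transportConnectors>
</broker>"""

# Constructed sample: the thread's client URL plus a hypothetical failover URL with a tcp leg.
BLUEPRINT_XML = """<blueprint>
  <bean id="jms"><property name="brokerURL" value="nio+ssl://localhost:61617?trace=true"/></bean>
  <bean id="old"><property name="brokerURL"
      value="failover:(ssl://localhost:61617,tcp://localhost:61616)"/></bean>
</blueprint>"""

if __name__ == "__main__":
    print("broker connectors accepting plaintext:", audit_broker(ACTIVEMQ_XML))
    print("client URLs with a plaintext leg:", audit_client(BLUEPRINT_XML))
```

An empty result from both functions corresponds to the state the reply describes: no plaintext listener on the broker and no client URL that can fall back to one.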