activemq.xml - configuring SSL context


activemq.xml - configuring SSL context

Martin Lichtin
Hi All

Configuring the broker SSL context with

     <sslContext>
       <sslContext keyStore="mycert.jks" keyStorePassword="mypass" />
     </sslContext>

seems quite rigid and the password a security issue.
Is there a better way to do this? I couldn't really find a solution looking at the XSD.

For example, using a bean to offer the SSLContext

   <bean id="mySslContext" class="pack.age.MySslContext" />

and then referring to it

     <sslContext>
       <sslContext useContext="#mySslContext" />
     </sslContext>

Just an idea. I'm hoping there are other, already available, solutions.

- Martin


Re: activemq.xml - configuring SSL context

brusdev
Hi Martin,

what about using system properties:

     <sslContext>
       <sslContext keyStore="${xxx.keyStore}" keyStorePassword="${xxx.keyStorePassword}" />
     </sslContext>

Regards,
Domenico



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html

Re: activemq.xml - configuring SSL context

jbonofre
In reply to this post by Martin Lichtin
Hi,

It’s also possible to pass SSL configuration via the system properties.

Regards
JB

> On 25 March 2020 at 09:18, Martin Lichtin <[hidden email]> wrote:
>
> Hi All
>
> Configuring the broker SSL context with
>
>     <sslContext>
>       <sslContext keyStore="mycert.jks" keyStorePassword="mypass" />
>     </sslContext>
>
> seems quite rigid and the password a security issue.
> Is there a better way to do this? I couldn't really find a solution looking at the XSD.
>
> For example, using a bean to offer the SSLContext
>
>   <bean id="mySslContext" class="pack.age.MySslContext" />
>
> and then referring to it
>
>     <sslContext>
>       <sslContext useContext="#mySslContext" />
>     </sslContext>
>
> Just an idea. I'm hoping there are other, already available, solutions.
>
> - Martin
>
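
An added example, not part of the thread or of ActiveMQ: a small check that parses an activemq.xml and reports `sslContext` password attributes that still hold a literal value rather than a `${...}` placeholder, and lists the properties the file expects at start-up. The sample document is constructed from the two snippets in the thread; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the literal-password form from the first post and the
# placeholder form from the reply (the xxx.* property names are the reply's).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="a">
    <sslContext>
      <sslContext keyStore="mycert.jks" keyStorePassword="mypass" />
    </sslContext>
  </broker>
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="b">
    <sslContext>
      <sslContext keyStore="${xxx.keyStore}"
                  keyStorePassword="${xxx.keyStorePassword}" />
    </sslContext>
  </broker>
</beans>"""

PLACEHOLDER = re.compile(r"^\$\{[^${}]+\}$")  # whole value is one ${name}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def literal_passwords(xml_text):
    """Return (attribute, value_is_empty) for each *Password attribute on an
    sslContext element whose value is not a ${...} placeholder."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "sslContext":
            continue
        for name, value in elem.attrib.items():
            if name.lower().endswith("password") and not PLACEHOLDER.match(value):
                findings.append((name, value == ""))  # never echo the secret
    return findings

def placeholders(xml_text):
    """Property names the file expects to be supplied at start-up."""
    names = set()
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) == "sslContext":
            for value in elem.attrib.values():
                names.update(re.findall(r"\$\{([^${}]+)\}", value))
    return sorted(names)

if __name__ == "__main__":
    for attr, empty in literal_passwords(SAMPLE):
        print(f"literal value in sslContext/@{attr}" + (" (empty)" if empty else ""))
    print("properties to supply:", ", ".join(placeholders(SAMPLE)))
```

A placeholder only moves the secret out of the file: a value passed as a `-D` JVM argument is visible in the process command line, so how the property is supplied still matters.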