Connecting to ActiveMQ using SSL
You can configure the probe to communicate with ActiveMQ
that uses a Secure Socket Layer (SSL) encrypted connection. A Java
keystore file is required for this connection that you create using
the Java keytool
command.
Determining the SSL port and certificate from the Active MQ system
To determine the SSL port that ActiveMQ uses and export the SSL certificate, use the following steps:
- Log in to the system that hosts ActiveMQ and open the following
file:
$ACTIVEMQ_HOME/conf/activemq.xml
Where
$ACTIVEMQ_HOME
is the installation directory of ActiveMQ. - In activemq.xml, locate the section beginning
with the
<amq:transportConnections>
element. For example:<amq:transportConnectors> <amq:transportConnector uri="ssl://localhost:61616" /> </amq:transportConnectors>
- Note the port number (in this example, 61616) in the
uri
attribute of the<amq:transportConnector>
element and close the file. - Check what the alias of the certificate (broker.ks)
is:
keytool -list -v -keystore broker.ks
- Locate the SSL certificate and export that to a file using the
following command:
keytool -export -alias broker -keystore broker.ks -file broker_certs
This creates file named broker_certs that contains the SSL certificate.
Importing the SSL certificate and enable the SSL connection
To import the SSL certificate and enable SSL communications on the probe, use the following steps:
- Copy the broker_cert file to the following
location on the system running the probe:
$NCHOME/platform/arch/jre-directory/lib/security
Where
arch
is a variable that represents your operating system directory andjre-directory
is the name of the directory that contains the Java Runtime Environment. For example:$NCHOME/platform/solaris2/jre_1.5.6/lib/security
- Import the SSL certificate:
keytool -import -alias broker -keystore cacerts -file broker_cert -storepass storepassword
Where
storepassword
is the password for the certificate store (cacerts
). - Edit the jmsTransport.props file to define
the SSL connection:
- Edit the file $NCHOME/java/confjmsTransport.props.
- Set the value of the providerURL property
as follows:
providerURL = ssl://activemqurl:port
Where activemqurl is the URL of the ActiveMQ system and port is the port number that the ActiveMQ system uses for SSL connections.
- Save the file.