Connecting to ActiveMQ using SSL

You can configure the probe to communicate with ActiveMQ that uses a Secure Socket Layer (SSL) encrypted connection. A Java keystore file is required for this connection that you create using the Java keytool command.

To connect to ActiveMQ using an SSL connection:

Determining the SSL port and certificate from the Active MQ system

To determine the SSL port that ActiveMQ uses and export the SSL certificate, use the following steps:

  1. Log in to the system that hosts ActiveMQ and open the following file:

    $ACTIVEMQ_HOME/conf/activemq.xml

    Where $ACTIVEMQ_HOME is the installation directory of ActiveMQ.

  2. In activemq.xml, locate the section beginning with the <amq:transportConnections> element. For example:
    <amq:transportConnectors>
    <amq:transportConnector uri="ssl://localhost:61616" />
    </amq:transportConnectors>
  3. Note the port number (in this example, 61616) in the uri attribute of the <amq:transportConnector> element and close the file.
  4. Check what the alias of the certificate (broker.ks) is:

    keytool -list -v -keystore broker.ks

  5. Locate the SSL certificate and export that to a file using the following command:

    keytool -export -alias broker -keystore broker.ks -file broker_certs

    This creates file named broker_certs that contains the SSL certificate.

Importing the SSL certificate and enable the SSL connection

To import the SSL certificate and enable SSL communications on the probe, use the following steps:

  1. Copy the broker_cert file to the following location on the system running the probe:

    $NCHOME/platform/arch/jre-directory/lib/security

    Where arch is a variable that represents your operating system directory and jre-directory is the name of the directory that contains the Java Runtime Environment. For example:

    $NCHOME/platform/solaris2/jre_1.5.6/lib/security

  2. Import the SSL certificate:

    keytool -import -alias broker -keystore cacerts -file broker_cert -storepass storepassword

    Where storepassword is the password for the certificate store (cacerts).

  3. Edit the jmsTransport.props file to define the SSL connection:
    1. Edit the file $NCHOME/java/confjmsTransport.props.
    2. Set the value of the providerURL property as follows:

      providerURL = ssl://activemqurl:port

      Where activemqurl is the URL of the ActiveMQ system and port is the port number that the ActiveMQ system uses for SSL connections.

    3. Save the file.