...
Before starting the broker's VM, set the ACTIVEMQ_SSL_OPTS environment variable so that it knows to use the broker keystore. (Note that in previous versions of ActiveMQ this property was called SSL_OPTS in some scripts. As of v5.12.0 all scripts use ACTIVEMQ_SSL_OPTS.)

    export ACTIVEMQ_SSL_OPTS="-Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password"
...
- Export the client's certificate so it can be shared with the broker:

    keytool -export -alias client -keystore client.ks -file client_cert
- Create a truststore for the broker, and import the client's certificate. This establishes that the broker "trusts" the client:

    keytool -import -alias client -keystore broker.ts -file client_cert
- Add -Djavax.net.ssl.trustStore=/path/to/broker.ts to ACTIVEMQ_SSL_OPTS
- Instruct ActiveMQ to require client authentication by setting the following in activemq.xml:

    <transportConnectors>
      <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />
    </transportConnectors>
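A configuration check for the procedure above, as an added example that is not part of the original page or of ActiveMQ itself: it reads an activemq.xml and an ACTIVEMQ_SSL_OPTS value and reports TLS connectors that lack needClientAuth=true and javax.net.ssl properties that are not set. The sample XML and options are constructed; the function names, and the rule that a scheme of "ssl" or one ending in "+ssl" counts as a TLS transport, are assumptions.

```python
import shlex
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Constructed sample inputs, not taken from a real broker.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core">
    <transportConnectors>
      <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true"/>
      <transportConnector name="ssl-open" uri="ssl://localhost:61618"/>
      <transportConnector name="openwire" uri="tcp://localhost:61616"/>
    </transportConnectors>
  </broker>
</beans>"""
SAMPLE_OPTS = ("-Djavax.net.ssl.keyStore=/path/to/broker.ks "
               "-Djavax.net.ssl.keyStorePassword=password")

# Properties the procedure puts into ACTIVEMQ_SSL_OPTS.
NEEDED_PROPS = ("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword",
                "javax.net.ssl.trustStore")


def connectors_without_client_auth(activemq_xml):
    """Names of TLS transportConnectors whose URI lacks needClientAuth=true."""
    weak = []
    for el in ET.fromstring(activemq_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue  # strip any namespace, skip every other element
        uri = urlsplit(el.get("uri", ""))
        # Assumption: "ssl" or any scheme ending in "+ssl" is a TLS transport.
        if uri.scheme != "ssl" and not uri.scheme.endswith("+ssl"):
            continue
        flag = parse_qs(uri.query).get("needClientAuth", ["false"])[-1]
        if flag.lower() != "true":
            weak.append(el.get("name"))
    return weak


def missing_ssl_opts(opts):
    """javax.net.ssl properties from the procedure that opts does not set."""
    present = {tok[2:].split("=", 1)[0]
               for tok in shlex.split(opts) if tok.startswith("-D")}
    return [prop for prop in NEEDED_PROPS if prop not in present]


if __name__ == "__main__":
    print("no client auth:", connectors_without_client_auth(SAMPLE_XML))
    print("missing options:", missing_ssl_opts(SAMPLE_OPTS))
```

Only the needClientAuth spelling shown on this page is recognised; a connector that sets the option under another name would be reported and needs a manual look.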
...