Hi JB This is for LDAP uri, not for local files. Nevertheless, I gave it a try but it failed:
<property name="SSLCertStores" value="/test/.keystore" /> log snippet: Caused by: com.ibm.msg.client.jms.DetailedJMSException: JMSFMQ1006: The value '/test/.keystore' for property 'CertStore URI protocol' is not valid. The value specified for the property is not supported. Modify the value to be within the range of accepted values. Thanks Oli ________________________________________ Von: Jean-Baptiste Onofré <[email protected]> Gesendet: Mittwoch, 16. Dezember 2015 08:42 An: [email protected] Betreff: Re: AW: jms:create and configure WebsphereMQ with SSL SSLCertStores also accept a String: setSSLCertStores(java.lang.String stores) Specifies a list of LDAP servers used for certificate revocation list (CRL) checking. Regards JB On 12/16/2015 08:38 AM, Oliver Wulff wrote: > Hi JB > > SSLCertStores is a collection of CertStore objects. I've tried this but it > didn't work: > > <property name="SSLCertStores"> > <list> > <value>/test/.keystore</value> > </list> > </property> > > I don't want to use the default JSSE settings within karaf as it can affect > other components. Also CXF creates custom SSLSocketFactory instances based on > the conduit definition. > > Initially, I just want to get it running. An idea could be to have support in > Karaf an SSLSocketFactory Manager which can be administered through the karaf > shell and referenced where ever required. > > Thanks > Oli > > ________________________________________ > Von: Jean-Baptiste Onofré <[email protected]> > Gesendet: Mittwoch, 16. Dezember 2015 08:08 > An: [email protected] > Betreff: Re: jms:create and configure WebsphereMQ with SSL > > Hi Oli, > > you can directly specify the key store, etc on the > MQQueueConnectionFactory (coming from MQConnectionFactory): > > <property name="SSLCertStore" value="/path/to/keystore.jks"/> > <property name="SSLCipherSuite" value="..."/> > etc > > The SSLSocketFactory can be null, if that case, the JSSE default > SSLSocketFactory is used. > > So, updating the blueprint should work (AFAIR, I already used this way > for a customer). > > Regards > JB > > On 12/15/2015 09:35 PM, Oliver Wulff wrote: >> Hi there >> >> >> I could successfully create a QueueConnectionFactory with jms:create and >> could successfully connect to the Websphere MQ server running remotely. >> The jms:create creates the following blueprint: >> >> >> <bean id="wmqConnectionFactory" >> class="com.ibm.mq.jms.MQQueueConnectionFactory"> >> <property name="transportType" value="1" /> >> <property name="hostName" value="localhost" /> >> <property name="port" value="19420" /> >> <property name="queueManager" value="AAQ1DM4" /> >> <property name="channel" value="AAQ1DM4.CLIENT.WAS1" /> >> </bean> >> >> >> I'm trying now to connect securely to Websphere MQ broker but I'm >> struggeling because the class com.ibm.mq.jms.MQQueueConnectionFactory >> provides the option to set an SSLSocketFactory only. >> >> >> https://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.javadoc.doc/WMQJMSClasses/com/ibm/mq/jms/MQConnectionFactory.html >> >> >> Initially I started creating an SSLSocketFactory with Blueprint bean >> definition but it's hacky, IMHO. >> >> >> I like to define this kind of configurations outside of the camel routes >> I deploy into Karaf but need your advise what the best approach might >> be. Maybe we can extend the jms commands to support SSL as well - also >> for ActiveMQ. >> >> >> Thanks >> >> Oli >> > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com > -- Jean-Baptiste Onofré [email protected] http://blog.nanthrax.net Talend - http://www.talend.com
