I tried this already but the URI prefix "file" is not supported. I worked around it and built a custom Factory bean for SSLSocketFactory. Then I used the factory-method attribute to create an SSLSocketFactory bean and assign it to the bean MQQueueConnectionFactory.
Nevertheless, this is not ideal and I think it would make sense to be able to configure a secure connection to Websphere MQ without having to implement the creation of the SSLSocketFactory. See my comment before:

>>>
An idea could be to have support in Karaf an SSLSocketFactory Manager which can be administered through the karaf shell and referenced wherever required.
>>>

WDYT?

Thanks
Oli

________________________________________
From: Jean-Baptiste Onofré <[email protected]>
Sent: Wednesday, 16 December 2015 10:13
To: [email protected]
Subject: Re: AW: AW: jms:create and configure WebsphereMQ with SSL

AFAIR, you need a file URI, like file:/test/.keystore.

Regards
JB

On 12/16/2015 09:03 AM, Oliver Wulff wrote:
> Hi JB
>
> This is for LDAP uri, not for local files. Nevertheless, I gave it a try but
> it failed:
>
> <property name="SSLCertStores" value="/test/.keystore" />
>
> log snippet:
> Caused by: com.ibm.msg.client.jms.DetailedJMSException: JMSFMQ1006: The value
> '/test/.keystore' for property 'CertStore URI protocol' is not valid.
> The value specified for the property is not supported.
> Modify the value to be within the range of accepted values.
>
> Thanks
> Oli
>
> ________________________________________
> From: Jean-Baptiste Onofré <[email protected]>
> Sent: Wednesday, 16 December 2015 08:42
> To: [email protected]
> Subject: Re: AW: jms:create and configure WebsphereMQ with SSL
>
> SSLCertStores also accepts a String:
>
> setSSLCertStores(java.lang.String stores)
> Specifies a list of LDAP servers used for certificate revocation list
> (CRL) checking.
>
> Regards
> JB
>
> On 12/16/2015 08:38 AM, Oliver Wulff wrote:
>> Hi JB
>>
>> SSLCertStores is a collection of CertStore objects. I've tried this but it
>> didn't work:
>>
>> <property name="SSLCertStores">
>>   <list>
>>     <value>/test/.keystore</value>
>>   </list>
>> </property>
>>
>> I don't want to use the default JSSE settings within karaf as it can affect
>> other components. Also CXF creates custom SSLSocketFactory instances based
>> on the conduit definition.
>>
>> Initially, I just want to get it running. An idea could be to have support
>> in Karaf an SSLSocketFactory Manager which can be administered through the
>> karaf shell and referenced wherever required.
>>
>> Thanks
>> Oli
>>
>> ________________________________________
>> From: Jean-Baptiste Onofré <[email protected]>
>> Sent: Wednesday, 16 December 2015 08:08
>> To: [email protected]
>> Subject: Re: jms:create and configure WebsphereMQ with SSL
>>
>> Hi Oli,
>>
>> you can directly specify the key store, etc on the
>> MQQueueConnectionFactory (coming from MQConnectionFactory):
>>
>> <property name="SSLCertStore" value="/path/to/keystore.jks"/>
>> <property name="SSLCipherSuite" value="..."/>
>> etc
>>
>> The SSLSocketFactory can be null, in that case, the JSSE default
>> SSLSocketFactory is used.
>>
>> So, updating the blueprint should work (AFAIR, I already used this way
>> for a customer).
>>
>> Regards
>> JB
>>
>> On 12/15/2015 09:35 PM, Oliver Wulff wrote:
>>> Hi there
>>>
>>>
>>> I could successfully create a QueueConnectionFactory with jms:create and
>>> could successfully connect to the Websphere MQ server running remotely.
>>> The jms:create creates the following blueprint:
>>>
>>>
>>> <bean id="wmqConnectionFactory"
>>>       class="com.ibm.mq.jms.MQQueueConnectionFactory">
>>>   <property name="transportType" value="1" />
>>>   <property name="hostName" value="localhost" />
>>>   <property name="port" value="19420" />
>>>   <property name="queueManager" value="AAQ1DM4" />
>>>   <property name="channel" value="AAQ1DM4.CLIENT.WAS1" />
>>> </bean>
>>>
>>>
>>> I'm trying now to connect securely to Websphere MQ broker but I'm
>>> struggling because the class com.ibm.mq.jms.MQQueueConnectionFactory
>>> provides the option to set an SSLSocketFactory only.
>>>
>>>
>>> https://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.javadoc.doc/WMQJMSClasses/com/ibm/mq/jms/MQConnectionFactory.html
>>>
>>>
>>> Initially I started creating an SSLSocketFactory with Blueprint bean
>>> definition but it's hacky, IMHO.
>>>
>>>
>>> I like to define this kind of configurations outside of the camel routes
>>> I deploy into Karaf but need your advice what the best approach might
>>> be. Maybe we can extend the jms commands to support SSL as well - also
>>> for ActiveMQ.
>>>
>>>
>>> Thanks
>>>
>>> Oli
>>>
>>
>> --
>> Jean-Baptiste Onofré
>> [email protected]
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com
>>
>
> --
> Jean-Baptiste Onofré
> [email protected]
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>

--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
