Hi Dejan,

Yes, I'm sorry if I wasn't clear, but I am well aware of that section for configuring the server side of ssl transportConnector. I was looking for more clarity on the client side. ActiveMQ is bundled with client.ts and client.ks, and as far as I can tell, those files aren't referenced anywhere by anything else.

Since writing my original question, I think I have figured out enough of this that now I just need to try some more experiments to confirm my understanding.

Thanks,
Jim

On Tue, May 4, 2010 at 5:47 AM, Dejan Bosanac <de...@nighttale.net> wrote:

> Hi Jim.
>
> you can notice
>
>     <sslContext>
>         <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
>                     keyStorePassword="password"
>                     trustStore="file:${activemq.base}/conf/broker.ts"
>                     trustStorePassword="password"/>
>     </sslContext>
>
> in activemq-demo.xml which is used to configure locations and passwords for
> key and trust stores.
>
> Cheers
> --
> Dejan Bosanac - http://twitter.com/dejanb
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
> On Sun, May 2, 2010 at 11:26 PM, Jim Lloyd <jll...@silvertailsystems.com> wrote:
>
> > We have a relatively simple topology where there are a few machines
> > configured as network of brokers. Each machine has one broker, and then
> > one or more activemq client applications. Each client only connects to
> > the broker on local host. Every broker statically connects to every
> > other broker.
> >
> > We have a requirement that all traffic on the wire be encrypted, so we
> > are using SSL for the network connectors between brokers. The local
> > traffic between the clients and the localhost broker uses plaintext
> > openwire, i.e. a tcp transport.
> >
> > The relevant section from the .conf file looks something like this:
> >
> >     <networkConnectors>
> >         <networkConnector name="superman-to-batman"
> >                           uri="static:(ssl://batman:24001)"/>
> >         <networkConnector name="superman-to-flash"
> >                           uri="static:(ssl://flash:24001)"/>
> >     </networkConnectors>
> >
> >     <transportConnectors>
> >         <transportConnector name="open" uri="tcp://127.0.0.1:24002" />
> >         <transportConnector name="ssl" uri="ssl://0.0.0.0:24001" />
> >     </transportConnectors>
> >
> > For testing purposes we have been using the demo broker.ks, broker.ts,
> > client.ks, client.ts files that ship with activemq. We now want to
> > generate our own files. I've read
> > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html> but
> > there is something mysterious to me that I want to understand.
> >
> > I see in activemq-demo.xml where the broker.ks and broker.ts files are
> > configured, but I don't see where client.ks and client.ts are configured.
> > These files are referenced in
> > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html>,
> > where it says:
> >
> > When starting the client's VM, specify the following system properties:
> >
> >     javax.net.ssl.keyStore=/path/to/client.ks
> >     javax.net.ssl.keyStorePassword=password
> >     javax.net.ssl.trustStore=/path/to/client.ts
> >
> > However, we never did this to our configuration, and I can't find where
> > it might have been done for us in the default configuration.
> >
> > So, all this boils down to the simple question: how does
> > activemq-demo.xml work? Where are client.ks and client.ts configured for
> > this demo?
> >
> > Thanks,
> > Jim Lloyd
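
A client can be handed its stores in code instead of through the javax.net.ssl.* system properties quoted above, which makes it visible which files an ssl:// connection actually uses. The following is an added example, not code from this thread or from the ActiveMQ project; it assumes ActiveMQ 5.x (javax.jms) on the classpath, JKS stores at the placeholder paths from the quoted documentation, and it reuses the host batman:24001 and the demo password from the thread. The class name SslClientCheck and the helper load are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.jms.Connection;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class SslClientCheck {

    // Open a store with the given password and fail fast if it has no entries,
    // so a wrong path or password shows up before any TLS handshake.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        if (store.size() == 0) {
            throw new IllegalStateException(path + " contains no entries");
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        String trustStore = "/path/to/client.ts";  // placeholder path from the quoted docs
        String keyStore = "/path/to/client.ks";    // placeholder path from the quoted docs
        String password = "password";              // demo value shown in the thread

        // The trust store decides which broker certificates the client accepts.
        KeyStore ts = load(trustStore, password.toCharArray());
        for (String alias : Collections.list(ts.aliases())) {
            System.out.println("trusted certificate entry: " + alias
                    + " (" + ts.isCertificateEntry(alias) + ")");
        }

        // The key store is presented only if the broker asks for a client certificate.
        KeyStore ks = load(keyStore, password.toCharArray());
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("client key entry: " + alias
                    + " (" + ks.isKeyEntry(alias) + ")");
        }

        // Same four settings as the broker-side <sslContext>, applied to one client.
        ActiveMQSslConnectionFactory factory =
                new ActiveMQSslConnectionFactory("ssl://batman:24001");
        factory.setTrustStore(trustStore);
        factory.setTrustStorePassword(password);
        factory.setKeyStore(keyStore);
        factory.setKeyStorePassword(password);

        Connection connection = factory.createConnection();
        try {
            connection.start();  // the TLS handshake completes here or throws
            System.out.println("connected over ssl://");
        } finally {
            connection.close();
        }
    }
}
```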