All,
This is a follow-on to my previous note, POJO Example with http transport.
After getting HTTP working, I did the following to get HTTPS working:
Per various posts and pages for ActiveMQ, after adding the https
transportConnector (described in my previous note), I set up key and trust
stores:
In conf, deleted existing broker-localhost and client keys in broker.ks,
broker.ts, client.ts, client.ks
Created new keys, signed, and added to key and truststores:
keytool -keystore broker.ks -alias broker-localhost -genkey -keyalg RSA
keytool -keystore broker.ks -alias broker-localhost -selfcert
keytool -keystore client.ks -alias client -genkey -keyalg RSA
keytool -keystore client.ks -alias client -selfcert
keytool -export -keystore broker.ks -alias broker-localhost -file broker-localhost.cert
keytool -import -keystore client.ts -alias broker-localhost -file broker-localhost.cert
keytool -export -keystore client.ks -alias client -file client.cert
keytool -import -keystore broker.ts -alias client -file client.cert
I assume that this will make the client and broker trust each other.
Modified common build to add runtime java system properties for client
keystore and truststore:
Edited common_build.xml to add to /project/macrodef[1]/sequential/java,
after <sysproperty key="java.util.logging.config.file"
value="${build.classes.dir}/logging.properties"/>, the following:
<sysproperty key="javax.net.ssl.keyStore" value="C:\progress\fuse-message-broker-5.3.0.5\conf\client.ks"/>
<sysproperty key="javax.net.ssl.keyStorePassword" value="password"/>
<sysproperty key="javax.net.ssl.trustStore" value="C:\progress\fuse-message-broker-5.3.0.5\conf\client.ts"/>
Granted, this is a rather contrived example and in a production
implementation we will probably not use self-signed certificates and
certainly will have different key and truststores, but it does at least
demonstrate the basic principles.
Have I left anything out?
Thanks,
Mike
--
View this message in context:
http://old.nabble.com/POJO-Example-with-https-transport-tp28198359p28198359.html
Sent from the Camel - Users mailing list archive at Nabble.com.
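
Added example, not part of the message above or of the ActiveMQ/Camel projects: a shell check for the stated assumption that the four stores make client and broker trust each other. It compares the certificate under each key alias with the copy imported into the peer's trust store, which catches a trust store still holding a certificate from before the keys were regenerated. Store file names and aliases are those in the post; the function names, the PW variable and the script name check_trust.sh are assumptions.

```shell
#!/bin/sh
# Added example: confirm that the key stores and trust stores pair up.
# Store names and aliases come from the post; cert_pem, same_cert,
# check_mutual_trust and PW are hypothetical names used for illustration.
PW="${PW:-password}"   # store password, as in the post's sysproperty

# Print the certificate stored under alias $2 in store $1 as PEM.
cert_pem() {
    keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$PW" 2>/dev/null
}

# Succeed only if store $1/alias $2 and store $3/alias $4 hold the same cert.
same_cert() {
    a=$(cert_pem "$1" "$2") || return 1
    b=$(cert_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check both directions of trust for the stores in directory $1 (conf).
check_mutual_trust() {
    rc=0
    same_cert "$1/broker.ks" broker-localhost "$1/client.ts" broker-localhost \
        || { echo "client.ts does not hold the current broker certificate" >&2; rc=1; }
    same_cert "$1/client.ks" client "$1/broker.ts" client \
        || { echo "broker.ts does not hold the current client certificate" >&2; rc=1; }
    return $rc
}

# Run against a directory when one is given: sh check_trust.sh /path/to/conf
if [ "$#" -eq 1 ]; then check_mutual_trust "$1"; fi
```

A non-zero exit means at least one trust store entry does not match the key store it is supposed to mirror, so the export and import steps need to be repeated for that alias.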