commit
5db3d988ad
|
@ -85,7 +85,7 @@ under the License.
|
|||
<ignore>${noServer}</ignore>
|
||||
<spawn>true</spawn>
|
||||
<location>${basedir}/target/server1</location>
|
||||
<testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/server-ca-truststore.jks&trustStorePassword=securepass</testURI>
|
||||
<testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/server-ca-truststore.p12&trustStorePassword=securepass</testURI>
|
||||
<args>
|
||||
<param>run</param>
|
||||
</args>
|
||||
|
@ -101,7 +101,7 @@ under the License.
|
|||
<spawn>true</spawn>
|
||||
<ignore>${noServer}</ignore>
|
||||
<location>${basedir}/target/server0</location>
|
||||
<testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/server-ca-truststore.jks&trustStorePassword=securepass</testURI>
|
||||
<testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/server-ca-truststore.p12&trustStorePassword=securepass</testURI>
|
||||
<args>
|
||||
<param>run</param>
|
||||
</args>
|
||||
|
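Review bot: The new `<testURI>` values in both pom hunks point at `server-ca-truststore.p12` but never name the store type, so whether the file loads depends on the JDK in use (a JKS default type only reads a PKCS12 file through the `keystore.type.compat` fallback). Adding `;trustStoreType=PKCS12` to each `<testURI>` — and, for the same reason, `keyStoreType=PKCS12` on the `netty-ssl-acceptor` URIs and `trustStoreType=PKCS12` on the `amqp-connection` URI in the two broker.xml sections, plus `transport.trustStoreType=PKCS12` on the Qpid JMS URIs in BrokerConnectionSenderSSL — makes the format explicit, assuming the Artemis and Qpid JMS versions in use expose those parameters. Separately, if the page has not decoded `&amp;` for display, the bare `&` before `trustStorePassword` in element text would leave the pom ill-formed; the file itself should read `&amp;trustStorePassword=securepass`.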
|
|
@ -35,7 +35,7 @@ public class BrokerConnectionSenderSSL {
|
|||
|
||||
public static void main(final String[] args) throws Exception {
|
||||
Connection connectionOnServer0 = null;
|
||||
ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.jks&transport.trustStorePassword=securepass");
|
||||
ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.p12&transport.trustStorePassword=securepass");
|
||||
|
||||
// Step 1. Create a connection on server0, and send a few messages
|
||||
try {
|
||||
|
@ -58,7 +58,7 @@ public class BrokerConnectionSenderSSL {
|
|||
// Step 2. create a connection on server1, and receive a few messages.
|
||||
// the sender on the broker conneciton will take care of the transfer.
|
||||
Connection connectionOnServer1 = null;
|
||||
ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.jks&transport.trustStorePassword=securepass");
|
||||
ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server1/etc/server-ca-truststore.p12&transport.trustStorePassword=securepass");
|
||||
|
||||
try {
|
||||
connectionOnServer1 = connectionFactoryServer1.createConnection();
|
||||
|
|
|
@ -32,11 +32,11 @@ under the License.
|
|||
<acceptors>
|
||||
<!-- keystores will be found automatically if they are on the classpath -->
|
||||
<!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
|
||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
|
||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=server-keystore.p12;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
|
||||
</acceptors>
|
||||
|
||||
<broker-connections>
|
||||
<amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=server-ca-truststore.jks;trustStorePassword=securepass" name="otherBrokerSSL" retry-interval="1000">
|
||||
<amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=server-ca-truststore.p12;trustStorePassword=securepass" name="otherBrokerSSL" retry-interval="1000">
|
||||
<sender address-match="#"/>
|
||||
</amqp-connection>
|
||||
</broker-connections>
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -32,7 +32,7 @@ under the License.
|
|||
<acceptors>
|
||||
<!-- keystores will be found automatically if they are on the classpath -->
|
||||
<!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
|
||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
|
||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=other-server-keystore.p12;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
|
||||
</acceptors>
|
||||
|
||||
<!-- Other config -->
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,38 +1,55 @@
|
|||
# The various SSL stores and certificates were created with the following commands:
|
||||
# This can be run as a script by sourcing the file, e.g ". store-generation.txt"
|
||||
# Requires use of JDK 8+ keytool command.
|
||||
set -e
|
||||
|
||||
KEY_PASS=securepass
|
||||
STORE_PASS=securepass
|
||||
CA_VALIDITY=365000
|
||||
VALIDITY=36500
|
||||
SERVER_NAMES="san=dns:localhost"
|
||||
|
||||
# Clean up any existing files
|
||||
# ---------------------------
|
||||
rm -f *.crt *.csr *.keystore *.truststore
|
||||
rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.truststore
|
||||
rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.truststore
|
||||
# Clean up existing files
|
||||
# -----------------------
|
||||
rm -f *.crt *.csr *.p12
|
||||
rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.p12
|
||||
rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.p12
|
||||
|
||||
# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
|
||||
# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust:
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -keypass activemqexample -alias ca -genkey -keyalg "RSA" -keysize 2048 -dname "O=My Trusted Example Inc.,CN=my-example-ca.org" -validity 9999 -ext bc:c=ca:true
|
||||
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -exportcert -rfc > ca.crt
|
||||
keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true
|
||||
keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt
|
||||
|
||||
# Create a key pair, and sign it with the CA:
|
||||
# -------------------------------------------
|
||||
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -alias broker -genkey -keyalg "RSA" -keysize 2048 -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
|
||||
|
||||
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -alias broker -certreq -file broker.csr
|
||||
keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -gencert -rfc -infile broker.csr -outfile broker.crt -validity 9999 -ext bc=ca:false -ext eku=sA
|
||||
|
||||
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
|
||||
keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias broker -file broker.crt
|
||||
|
||||
# Create trust store, import the CA cert:
|
||||
# Create trust store with the server CA cert:
|
||||
# -------------------------------------------------------
|
||||
keytool -storetype pkcs12 -keystore activemq.example.truststore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
|
||||
keytool -storetype pkcs12 -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
|
||||
|
||||
# Create a key pair for the server, and sign it with the CA:
|
||||
# ----------------------------------------------------------
|
||||
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES
|
||||
|
||||
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -alias server -certreq -file server.csr
|
||||
keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
|
||||
|
||||
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
|
||||
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt
|
||||
|
||||
# Create a key pair for the other server, and sign it with the CA:
|
||||
# ----------------------------------------------------------
|
||||
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
|
||||
|
||||
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -alias other-server -certreq -file other-server.csr
|
||||
keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES
|
||||
|
||||
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
|
||||
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file other-server.crt
|
||||
|
||||
# Copy the stores into place
|
||||
cp activemq.example.truststore src/main/resources/activemq/server1/
|
||||
cp activemq.example.keystore src/main/resources/activemq/server1/
|
||||
cp server-ca-truststore.p12 src/main/resources/activemq/server0/
|
||||
cp server-keystore.p12 src/main/resources/activemq/server0/
|
||||
|
||||
cp activemq.example.truststore src/main/resources/activemq/server0/
|
||||
cp activemq.example.keystore src/main/resources/activemq/server0/
|
||||
cp server-ca-truststore.p12 src/main/resources/activemq/server1/
|
||||
cp other-server-keystore.p12 src/main/resources/activemq/server1/
|
||||
|
||||
# Clean up tmp files
|
||||
rm -f *.crt *.csr *.keystore *.truststore
|
||||
rm -f *.crt *.csr *.p12
|
||||
|
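Review bot: The two CA-signed server certificates end up with different extension sets: the `-gencert` for `server.csr` passes only `-ext bc=ca:false -ext $SERVER_NAMES`, while the one for `other-server.csr` also passes `-ext eku=sA`. Since keytool only honors extension requests from a CSR when explicitly told to (`-ext honored=...`), the `eku=sA` given at `-genkey` time for `server` does not reach the issued certificate; the signing commands should match, e.g. `keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES`. The closing `rm -f *.crt *.csr *.p12` also removes `server-ca-keystore.p12`, i.e. the CA private key, so nothing further can be signed by this CA and any re-run re-issues every store; if that is intended, a comment such as `# the CA key is discarded here; re-running the script regenerates CA, truststore and both server stores` would make it explicit.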
|