= SSL The next interesting security related topic is encrypting transport layer using SSL. Both ActiveMQ and Artemis leverage JDK's Java Secure Socket Extension (JSSE), so things should be easy to migrate. Let's recap quickly how SSL is used in ActiveMQ. First, you need to define the _SSL Context_. You can do that using `` configuration section in `conf/activemq.xml`, like [,xml] ---- ---- The SSL context defines key and trust stores to be used by the broker. After this, you set your transport connector with the `ssl` schema and preferably some additional options. [,xml] ---- ---- These options are related to https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLServerSocket.html[SSLServerSocket] and are specified as URL parameters with the `transport.` prefix, like `needClientAuth` shown in the example above. In Artemis, Netty is responsible for all things related to the transport layer, so it handles SSL for us as well. All configuration options are set directly on the acceptor, like [,xml] ---- tcp://localhost:61617?sslEnabled=true;keyStorePath=${data.dir}/../etc/broker.ks;keyStorePassword=password;needClientAuth=true ---- Note that we used the same Netty connector schema and just added `sslEnabled=true` parameter to use it with SSL. Next, we can go ahead and define key and trust stores. There's a slight difference in parameter naming between two brokers, as shown in the table below. |=== | ActiveMQ | Artemis | keyStore | keyStorePath | keyStorePassword | keyStorePassword | trustStore | trustStorePath | trustStorePassword | trustStorePassword |=== Finally, you can go and set all other `SSLServerSocket` parameters you need (like `needClientAuth` in this example). There's no extra prefix needed for this in Artemis. It's important to note that you should be able to reuse your existing key and trust stores and just copy them to the new broker.