I had posted a different question and now I’m editing it because I managed to do what I was achieving at first. Using “How do I use SSL” I set up my ActiveMQ Broker accepting SSL connections and I was trying to implement a client to test the communication. I figured out that I could do this by setting the system properties:
static {
    System.setProperty("javax.net.ssl.keyStore", "/home/amq/SSL/client.ks");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    System.setProperty("javax.net.ssl.trustStore", "/home/amq/SSL/client.ts");
}
The problems I was having were in the creation of the keystores/truststores and exporting the broker certificate. When I deleted the .ks and .ts files and re-did everything as explained in “How do I use SSL” it worked.
My new question is: How can I establish a connection without the need of creating a keystore for the client and importing the broker’s certificate?
I am looking for a way to accept any certificate that the broker sends me. In this link I found a way by setting a URI option:
ssl://localhost:61617?transport.acceptInvalidBrokerCert=true
but it’s not working for me. From the moment I append “?transport.acceptInvalidBrokerCert=true” in my URI or URL string the method stops working, and I no longer can establish a connection.
Can anyone provide me with an example of a Java or C++ client that connects to an ActiveMQ broker using SSL without importing the broker’s certificate, or in other words, accepting any invalid certificate?
The URI flag you are referencing is only valid for .NET clients using NMS.ActiveMQ; the C++ and Java clients don’t have this setting. There is a way in the C++ client to do this: you must set a system property as follows before creating the Connection.
The easiest way to get the SSL certs working without these testing options is to create a root certificate, then create the broker cert with your root certificate, and add the root certificate to the client’s trust store. That way any broker with a cert signed by your root cert will be trusted.
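A Java client for the root-certificate approach described in the answer above, as an added example that is not part of the original question or answer. It assumes an ActiveMQ 5.x client library (javax.jms API) and that the trust store at the question's path /home/amq/SSL/client.ts now holds only your root certificate; the queue name TEST.SSL and the class name are hypothetical.

```java
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.net.ssl.SSLHandshakeException;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class RootCaSslClient {

    // True when a TLS handshake rejection appears in the exception's cause chain.
    static boolean isHandshakeFailure(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SSLHandshakeException) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        ActiveMQSslConnectionFactory factory =
                new ActiveMQSslConnectionFactory("ssl://localhost:61617");
        // Trust store scoped to this factory instead of JVM-wide system properties.
        // Assumption: it contains the root certificate, not each broker's certificate.
        factory.setTrustStore("file:///home/amq/SSL/client.ts");
        factory.setTrustStorePassword("password");

        Connection connection = null;
        try {
            // The TLS handshake runs while the connection is being established.
            connection = factory.createConnection();
            connection.start();
            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer producer =
                    session.createProducer(session.createQueue("TEST.SSL")); // hypothetical queue
            producer.send(session.createTextMessage("hello over TLS"));
            System.out.println("Connected: broker certificate chains to the trusted root");
        } catch (JMSException e) {
            if (!isHandshakeFailure(e)) {
                throw e;
            }
            System.err.println("Broker certificate not signed by a trusted root: " + e.getMessage());
        } finally {
            if (connection != null) {
                connection.close();
            }
        }
    }
}
```

Because no client key store is set, this only works when the broker does not require client certificates.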