THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
C++ broker (M4 and up)
- You need to get a certificate signed by a CA, trusted by your client.
...
- Setting up the certificates for testing.
- For testing purposes you could use the
- to setup your certificates.
- In summary you need to create a root CA and import it to the brokers certificate data base.
- Create a certificate for the broker, sign it using the root CA and then import it into the brokers
- certificate data base.
- Load the acl module using --load-module or if loading more than one module, copy ssl.so to the location pointed by --module-dir
Code Block Ex if running from source. ./qpidd --load-module /libs/ssl.so
- Specify the password file (a plain text file with the password), certificated certificate database and the server side database brokers certificate name using the following options
Code Block Ex ./qpidd ... --ssl-cert-password-file ~/pfile --ssl-cert-db ~/server_db/ --ssl-cert-name localhost.localdomain
...
Code Block |
---|
./qpidd ./qpidd --load-module /libs/ssl.so --ssl-cert-password-file ~/pfile --ssl-cert-db ~/server_db/ --ssl-cert-name localhost.localdomain --ssl-require-client-authentication
|
Java Client (M4 and up)
- This guide is for connecting with the Qpid c++ broker.
- Setting up the certificates for testing. In summary,
- You need to import the trusted CA in your trust store and keystore
- Generate keys for the certificate in your key store
- Create a certificate request using the generated keys
- Create a certficate using the request, signed by the trusted CA.
- Import the signed certificate into your keystore.
- Pass the following JVM argumenet arguments to your client.
Code Block -Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks -Djavax.net.ssl.trustStorePassword=password