...
1. C++ broker (M4 and up)
2. Java Client
3. .Net Client
C++ broker (M4 and up)
- You need to get a certificate signed by a CA that your client trusts.
...
- Load the SSL module using --load-module or, if loading more than one module, copy ssl.so to the location pointed to by --module-dir
  Example, if running from source:
      ./qpidd --load-module /libs/ssl.so
- Specify the password file (a plain text file with the password), the certificate database and the broker's certificate name using the following options
  Example:
      ./qpidd ... --ssl-cert-password-file ~/pfile --ssl-cert-db ~/server_db/ --ssl-cert-name localhost.localdomain
- If you require client authentication you need to add --ssl-require-client-authentication as a command line argument.
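
A pre-flight check for the options above, as an added example (not part of the original page or of the Qpid project). Because the password file is plain text, the script only prints the qpidd SSL arguments when that file has no group/other permissions and the certificate database directory is not writable by group or others. The function names and the permission policy are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight checks for the qpidd SSL options shown on this page.
# Function names and the permission policy are assumptions, not Qpid's own code.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_bits() {
    ls -ld -- "$1" 2>/dev/null | cut -c2-10
}

# The password file is plain text: require a regular, non-symlink file
# with no group/other permission bits at all.
check_password_file() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "password file $1: missing, not a regular file, or a symlink" >&2
        return 1
    fi
    case $(perm_bits "$1") in
        ???------) return 0 ;;
    esac
    echo "password file $1: group/other access set; run chmod 600" >&2
    return 1
}

# The certificate database holds the broker's certificate material: the
# directory must exist and must not be writable by group or others.
check_cert_db() {
    if [ ! -d "$1" ]; then
        echo "certificate database $1: not a directory" >&2
        return 1
    fi
    case $(perm_bits "$1") in
        ????-??-?) return 0 ;;
    esac
    echo "certificate database $1: writable by group/other" >&2
    return 1
}

# Print the SSL arguments for qpidd only when both checks pass.
# $1 password file, $2 certificate database, $3 broker certificate name
qpidd_ssl_args() {
    check_password_file "$1" || return 1
    check_cert_db "$2" || return 1
    printf '%s\n' "--ssl-cert-password-file $1 --ssl-cert-db $2 --ssl-cert-name $3"
}

# Usage: ./qpidd --load-module /libs/ssl.so $(qpidd_ssl_args ~/pfile ~/server_db/ localhost.localdomain)
```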
...
- Pass the following JVM arguments to your client.
      -Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks
      -Djavax.net.ssl.keyStorePassword=password
      -Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks
      -Djavax.net.ssl.trustStorePassword=password
.Net Client (M4 and up)
- If the Qpid broker requires client authentication then you need to get a certificate signed by a CA, trusted by your client.
Use connectSSL instead of the standard connect method of the client interface.
The connectSSL signature is as follows:
      public void connectSSL(String host, int port, String virtualHost, String username, String password, String serverName, String certPath, bool rejectUntrusted)
Where
- host: Host name on which a Qpid broker is deployed
- port: Qpid broker port
- virtualHost: Qpid virtual host name
- username: User Name
- password: Password
- serverName: Name of the SSL server
- certPath: Path to the X509 certificate to be used when the broker requires client authentication
- rejectUntrusted: If true, the connection will not be established if the broker is not trusted (the server certificate must be added to your truststore)