Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Current versions of the broker make use of SSL encryption to secure their RMI based JMX ConnectorServer for security purposes. This ships enabled by default, although the test SSL keystore used during development is not provided for security reasons (using this would provide no security as anyone could have access to it).

Broker Configuration

The broker , and so the configuration must be updated before the broker will start. This can be down either by disabling the SSL support, utilizing a purchased SSL certificate to create a keystore of your own, or using the example 'create-example-ssl-stores' script in the brokers bin/ directory to generate a self-signed keystore.

...

No Format
<management>
    <ssl>
        <enabled>true</enabled>
        <!-- Update below path to your keystore location, eg ${conf}/qpid.keystore  -->
        <keyStorePath>${prefix}/../test_resources/ssl/keystore.jks</keyStorePath>
        <keyStorePassword>password</keyStorePassword>
    </ssl>
</management>

JMX Management Console Configuration

If the broker makes use of an SSL certificate signed by a known signing CA (Certification Authority), the management console needs no extra configuration, and will make use of Java's built-in CA
truststore for certificate verification (you may however have to update the system-wide default truststore if your CA is not already present in it).

...

Following this the configuration option can be updated to enabled use of the JMXMP based JMXConnectorServer.

...

Broker Configuration

To enabled this security option change the security-enabled value in your broker configuration file.

No Format
    <management>
        <security-enabled>true</security-enabled>
    </management>

JMX Management Console Configuration

If you wish to connect to a broker configured to use JMXMP then the console also requires provision of the Optional sections of the JMX Remote API that are not included within the JavaSE platform.

In order to make it available to the console, place the 'jmxremote_optional.jar' (rename the file if any additional information is present in the file name) jar file within the 'plugins/jmxremote.sasl_1.0.1/' folder of the console release (on Mac OS X you will need to select 'Show package contents' from the context menu whilst selecting the management console bundle in order to reveal the inner file tree).

Following the the console will automatically load the JMX Remote Optional classes and attempt the JMXMP connection when connecting to a JMXMP enabled broker.

User Accounts & Access Rights

...