I should note that I've seen the discussion at
http://timbish.blogspot.com/2010/04/ussing-ssl-in-nmsactivemq.html but that
Tim uses a CA while I do not.
--
View this message in context:
http://activemq.2283324.n4.nabble.com/ActiveMQ-NMS-and-a-self-signed-SSL-server-certificate-tp4676964p4676965
Hello!
I'm trying to connect the ActiveMQ NMS client to a server with a
self-signed SSL certificate.
I've added the server certificate to Mono's "Trust", "My" and "CA"
truststores with `certmgr -add -c message-queue.crt` but the
connections still yield a SslPolicyErrors.RemoteCertificateChainErr
OK, I figured it out:
The solution is to join the cipher names with "%2C" instead of ",", like
this:
failover:(ssl://…?socket.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA%2CTLS_DHE_RSA_WITH_AES_256_CBC_SHA…)
Obvious in hindsight. :)
--
View this message in context:
http://activemq.228332
Found the answer: "ssl://…?socket.enabledCipherSuites=…"
Note: "socket" for the client, "transport" for the server/broker.
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Setting-enabled-SSL-cipher-suites-in-ActiveMQ-clients-tp4665378p4665401.html
Sent from the ActiveMQ
It's possible to set the enabled SSL ciphers suites in the broker using a
connector URL like "ssl://…?transport.enabledCipherSuites=…".
How can I do the analogous configuration on the client side?
(I found some old discussions about this at
http://activemq.2283324.n4.nabble.com/How-to-specify-SSL
The syntax for failover URIs is failover:uri1,...,uriN.
How can one specify a composite URI that includes a comma?
For example:
I have this failover URI:
failover:(ssl://127.0.0.1:61616?keepAlive=true&socket.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_D
