BOTTOM LINE: 
I need a secure way to initialize the SSLContext in
org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.  (No
keystore password in system properties.) 

USE CASE: 
I'm trying to configure a client to read JMS messages from Wildfly using
SSL.  This works ONLY if I specify these either with -D or
System.setProperty(): 

-Djavax.net.ssl.keyStore=<my-keystore-file-path>
-Djavax.net.ssl.keyStorePassword=<my-key-pass>
-Djavax.net.ssl.trustStore=<my-truststore-file-path>
-Djavax.net.ssl.trustStorePassword=<my-trust-pass>

My problem is this: for security purposes, I cannot put the password in the
System properties.  (These are too easy to dump out using various tools.) 

So, I programmatically initialize the default SSLContext.  BUT,
NettyConnector does not use the default SSLContext.  It explicitly reads the
above properties and creates its own SSLContext. 

QUESTION: 
- How can I securely pass the truststore and keystore passwords to
NettyConnector? 
- Why doesn't NettyConnector just use the default SSLContext, which can be
configured with the same system parameters as above? 



--
View this message in context: 
http://activemq.2283324.n4.nabble.com/NettyConnector-explicitly-initializes-SSLContext-instead-of-using-default-tp4727120.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.