I just noticed that you said you were attempting to connect to Artemis in Wildfly, and I believe that's going to be a 1.5.x version (or perhaps earlier) without this new feature.
FWIW, whether you set the values in system properties on the command line or programmatically, or whether you configure the default SSL context, the keystore and truststore passwords are going to reside on the machine in plain text. I'm not sure there's any way to get around that.

Justin

----- Original Message -----
From: "Justin Bertram" <jbert...@apache.org>
To: users@activemq.apache.org
Sent: Tuesday, June 6, 2017 3:35:11 PM
Subject: Re: NettyConnector explicitly initializes SSLContext instead of using default

What version are you using? There is an option in 2.1 to use the default SSL context. See https://issues.apache.org/jira/browse/ARTEMIS-590.

Justin

----- Original Message -----
From: "mevans7" <mark.ev...@morpho.com>
To: users@activemq.apache.org
Sent: Tuesday, June 6, 2017 3:17:43 PM
Subject: NettyConnector explicitly initializes SSLContext instead of using default

BOTTOM LINE: I need a secure way to initialize the SSLContext in org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector. (No keystore password in system properties.)

USE CASE: I'm trying to configure a client to read JMS messages from Wildfly using SSL. This works ONLY if I specify these either with -D or System.setProperty():

-Djavax.net.ssl.keyStore=<my-keystore-file-path>
-Djavax.net.ssl.keyStorePassword=<my-key-pass>
-Djavax.net.ssl.trustStore=<my-truststore-file-path>
-Djavax.net.ssl.trustStorePassword=<my-trust-pass>

My problem is this: for security purposes, I cannot put the password in the System properties. (These are too easy to dump out using various tools.) So, I programmatically initialize the default SSLContext. BUT, NettyConnector does not use the default SSLContext. It explicitly reads the above properties and creates its own SSLContext.

QUESTION:
- How can I securely pass the truststore and keystore passwords to NettyConnector?
- Why doesn't NettyConnector just use the default SSLContext, which can be configured with the same system parameters as above?
--
View this message in context: http://activemq.2283324.n4.nabble.com/NettyConnector-explicitly-initializes-SSLContext-instead-of-using-default-tp4727120.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.