To support SSL/TLS security in Java clients, Apache ActiveMQ provides the org.apache.activemq.ActiveMQSslConnectionFactory class. Use the ActiveMQSslConnectionFactory class in place of the insecure ActiveMQConnectionFactory class in order to enable SSL/TLS security in your clients.
The ActiveMQSslConnectionFactory class exposes the following methods for configuring SSL/TLS security:
setTrustStore(String)
    Specifies the location of the client's trust store file, in JKS format (as managed by the Java keystore utility).
setTrustStorePassword(String)
    Specifies the password that unlocks the client trust store.
setKeyStore(String)
    (Optional) Specifies the location of the client's own X.509 certificate and private key in a key store file, in JKS format (as managed by the Java keystore utility). Clients normally do not need to provide their own certificate, unless the broker SSL/TLS configuration specifies that client authentication is required.
setKeyStorePassword(String)
    (Optional) Specifies the password that unlocks the client key store. This password is also used to decrypt the private key from the key store.
Note: For more advanced applications,
Location strings passed to the setTrustStore and setKeyStore methods can have either of the following formats:
- A pathname—where no scheme is specified, for example, /conf/client.ts. In this case the resource is loaded from the classpath, which is convenient to use when the client and its certificates are packaged in a JAR file.
- A Java URL—where you can use any of the standard Java URL schemes, such as http or file. For example, to reference the file, C:\ActiveMQ\conf\client.ts, in the filesystem on a Windows O/S, use the URL, file:///C:/ActiveMQ/conf/client.ts.
Example 1.1 shows an example of how to initialize a message producer client in Java, where the message producer connects to the broker using the SSL/TLS protocol. The key step here is that the client uses the ActiveMQSslConnectionFactory class to create the connection, also setting the trust store and trust store password (no key store is required here, because we are assuming that the broker port does not require client authentication).
Example 1.1. Java Client Using the ActiveMQSslConnectionFactory Class
// Java
import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.MessageProducer;
import javax.jms.Session;
import org.apache.activemq.ActiveMQSslConnectionFactory;
...
String url = "ssl://localhost:61617"; // The broker URL
// Configure the secure connection factory.
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
connectionFactory.setTrustStore("/conf/client.ts");
connectionFactory.setTrustStorePassword("password");
// Create the connection.
Connection connection = connectionFactory.createConnection();
connection.start();
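// Create the session ('transacted' is a boolean and 'subject' is the queue name; both are defined elsewhere in the client).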
Session session = connection.createSession(transacted, Session.AUTO_ACKNOWLEDGE);
Destination destination = session.createQueue(subject);
// Create the producer.
MessageProducer producer = session.createProducer(destination);
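
The following added example (not part of the original documentation) extends Example 1.1 to the case where the broker requires client authentication: it sets both stores using file: URL locations, reads the store passwords from the environment instead of hard-coding them, and checks that each store opens and holds currently valid certificates before connecting. The client.ks file name, the AMQ_* environment variable names, the TEST.QUEUE queue name and the checkStore helper are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.jms.Connection;
import javax.jms.MessageProducer;
import javax.jms.Session;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class MutualTlsProducer {
    // Hypothetical helper: fail fast if a JKS store cannot be opened or holds an expired certificate.
    static void checkStore(String url, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new URL(url).openStream()) {
            ks.load(in, password); // throws IOException on a wrong password or corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                ((X509Certificate) ks.getCertificate(alias)).checkValidity();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed locations and variable names; passwords are kept out of the source code.
        String trustStore = "file:///C:/ActiveMQ/conf/client.ts";
        String keyStore = "file:///C:/ActiveMQ/conf/client.ks";
        String trustPass = System.getenv("AMQ_TRUSTSTORE_PASSWORD");
        String keyPass = System.getenv("AMQ_KEYSTORE_PASSWORD");
        if (trustPass == null || keyPass == null) throw new IllegalStateException("store passwords not set");
        checkStore(trustStore, trustPass.toCharArray());
        checkStore(keyStore, keyPass.toCharArray());
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61617");
        factory.setTrustStore(trustStore);
        factory.setTrustStorePassword(trustPass);
        factory.setKeyStore(keyStore);        // client certificate and private key
        factory.setKeyStorePassword(keyPass); // also decrypts the private key
        Connection connection = factory.createConnection();
        try {
            connection.start();
            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer producer = session.createProducer(session.createQueue("TEST.QUEUE"));
            producer.send(session.createTextMessage("hello over TLS"));
        } finally {
            connection.close(); // also closes the sessions and producers created from it
        }
    }
}
```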