2

After enforcing strict transport security on a server, it is also forcing HTTPS onto port 8161 for ActiveMQ, which of course makes it fail.

I followed these instructions to enable HTTPS on the ActiveMQ console on port 8162 and it works:

http://activemq.apache.org/web-console.html

However, this also fails because HSTS enforces that the certificate be valid, meaning the same as the website and not a snakeoil certificate.

How can I use the same form of configuration that I use for Apache or Postfix when configuring SSL? I have three files:

SSLCertificateFile             file.crt
SSLCertificateKeyFile          file.key
SSLCertificateChainFile        bundle.crt

And I want to make ActiveMQ use those three files. I have been looking around online at keystores and a bunch of other things, but they all take me in circles telling me how to generate keys; however, I don't want to generate keys or certificates but use what I already have.

Ulukai

1 Answer

2

You will need to create a keystore from the files you have.

Combine the cert and private key into a .p12 file:

openssl pkcs12 -export -name MyAMQCert -in file.crt -inkey file.key -out combined.p12

Convert the .p12 to a keystore:

keytool -importkeystore -destkeystore myamqkeystore.ks -srckeystore combined.p12 -srcstoretype pkcs12 -alias MyAMQCert

Add the chain to the keystore:

keytool -import -file bundle.crt -alias ChainBundle -keystore myamqkeystore.ks

You will be prompted to create passwords for the keystore. The password will also be needed in your ActiveMQ config referencing the keystore file.

bitmage
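A variant of the first step in the answer above, as an added example that is not part of the original answer: it checks that file.key really belongs to file.crt and uses the `-certfile` option of `openssl pkcs12` to store bundle.crt in the same entry as the key, so the resulting combined.p12 can go through the `keytool -importkeystore` step with the chain already attached. The test CA, the host name, the password `changeit` and the function names are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example. File names follow the question; the test CA, the host name
# and the password "changeit" are constructed for the demonstration.

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # args: file.crt file.key
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build a PKCS#12 file with key, certificate and chain in a single entry.
build_p12() {  # args: file.crt file.key bundle.crt out.p12 password
  key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
  # umask: the output holds the private key. env: keeps the password out of argv.
  ( umask 077
    P12_PASS="$5" openssl pkcs12 -export -name MyAMQCert -in "$1" -inkey "$2" \
      -certfile "$3" -out "$4" -passout env:P12_PASS )
}

# Print how many certificates the PKCS#12 file holds (leaf plus chain).
count_certs() {  # args: out.p12 password
  P12_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a one-day test CA and a leaf certificate it signs.
make_sample() {  # args: directory
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test CA" -keyout ca.key -out bundle.crt &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=amq.example.test" \
      -keyout file.key -out file.csr &&
    openssl x509 -req -in file.csr -CA bundle.crt -CAkey ca.key \
      -CAcreateserial -days 1 -out file.crt ) >/dev/null 2>&1
}

demo() {  # prints 2: the leaf and the one-certificate chain
  local d rc; d=$(mktemp -d) || return 1
  make_sample "$d" &&
    build_p12 "$d/file.crt" "$d/file.key" "$d/bundle.crt" "$d/combined.p12" changeit &&
    count_certs "$d/combined.p12" changeit
  rc=$?; rm -rf "$d"; return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```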