小贝子编程

如何在ActiveMQ Artemis中为基于密钥库和信任库的MQTT协议启用SSL



我在Linux中安装了ActiveMQ Artemis并配置了broker.xml。我使用的是证书,但ActiveMQ Artemis使用密钥库和信任库。如何创建这些以及如何为MQTT协议启用SSL?

下面显示配置broker.xml

<acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true
sslEnabled=true;
keyStorePath=home/certs/server-ks/server1.p12;keyStorePassword=abc@1234;
trustStorePath=home/certs/server-ks/server1.p12;
trustStorePassword=abc@1234;needClientAuth=true
</acceptor>

我已将证书(.pem(转换为密钥库和信任库

keytool -import -alias rootCA -trustcacerts -file certs/ca.pem -keystore certs/activeMQ-truststore.jks
openssl pkcs12 -inkey certs/server-cert/server1.pem -in certs/server-cert/server1.pem -name server1 -export -out certs/server-ks/server1.p12
keytool -importkeystore -deststorepass abc@1234 -destkeystore certs/server-ks/server-keystore1.jks -srckeystore certs/server-ks/server1.p12 -srcstoretype PKCS12

如上所述,我已经创建/转换了客户端密钥库。

我需要使用具有自签名客户端密钥库的MQTT.FX客户端连接broker。

如何做到这一点我感到困惑。如果有人有主意,请帮帮我。

在自签名配置中,通常会为broker和客户端创建一个证书,导出每个证书,然后将broker的证书导入客户端的信任库,并将客户端的证书导入broker的信任库。您可以使用Java的keytool命令来完成所有这些操作。

看看examples/features/standard/ssl-enabled-dual-authentication目录中ActiveMQ Artemis附带的示例。它演示了如何做到这一点,例如:

keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample
keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample
keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt

您的acceptor将需要sslEnabled=trueneedClientAuth=true

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium