SSL

Question

SSL

vysecurity opened this issue 8 years ago · 4 comments

Any way to ignore SSL certificate issues?

Answer 1 · 2017-05-30T08:59:14.000Z

Not really. TLS issues are a bit hard to ignore on a general basis as it's designed not to be ignored.

Turn back the system time if the certificate is too old may be one option. But other than that - no. It may be possible to implement something in A to use a custom TrustManager, but I'm not sure since there is many different clients.

Answer 2 · 2017-05-31T16:57:42.000Z

Exactly what issues do you want to ignore?

Answer 3 · 2017-05-31T17:00:16.000Z

Self signed certificates

Answer 4 · 2017-05-31T18:42:23.000Z

Ok. that's no problem. You simply have to import these self-signed certificates into a Java trust store and point to that trust store while starting a. Creating a keystore, download the self signed certificate from the ActiveMQ server and importing it into the truststore can be done using Portecle (https://sourceforge.net/projects/portecle/) or on the command line using openssl + keytool.

Executing A with a custom truststore will then be something like:

java -Djavax.net.ssl.trustStore=/path/to/my-truststore.jks -jar a-<version>-with-dependencies.jar -b ssl://whatever:61618 --get MY.QUEUE