Owner manual
Secure Socket Layer
NSMQ broker also provides security using Secure Socket Layer (SSL) protocol. Enabling SSL at
the NSMQ broker level provides:
• Privacy – Messages are encrypted using a secret key, thus preventing it from being hacked
to read messages.
• Message Integrity – Messages are digitally signed, ensuring that they cannot be tampered.
• Authentication – The identity of the broker is authenticated.
The in-built JSSE framework of NSJ is used by NSMQ to provide SSL connectivity between clients
and broker. This framework provides a convenient way to store the private keys in a keystore.
These details must be specified in the broker configuration file
/<broker_name>/conf/activemq.xml as shown:
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/broker.ks"
keyStorePassword="password"
trustStore="file:${activemq.base}/conf/broker.ts"
trustStorePassword="password"/>
</sslContext>
Configuring SSL
If you are configuring SSL before installing NSMQ, perform the following steps:
1. Edit the
<NSMQ-PAX-extracted-folder>/nsmq/T0975H01<build>/bin/nsmq.properties
file by adding the following JVM properties to the NSMQ_OPTS variable:
-Djavax.net.ssl.keyStore=<full-path>/broker.ks
-Djavax.net.ssl.keyStorePassword=<password>
-Djavax.net.ssl.trustStore=<full-path>/broker.ts
-Djavax.net.ssl.trustStorePassword=<password>
2. Edit the activemqNonPersistent.template and activemqPersistent.template
files by adding the <sslContext> element inside the <broker> element.
<sslContext>
<sslContext keyStore="file:<full-path>/broker.ks"
keyStorePassword="<password>"
trustStore="file:<full-path>/broker.ts"
trustStorePassword="<password>"/>
</sslContext>
where <password> is the user password that you specify.
If you are configuring SSL after installing NSMQ, then in step 2, add the <sslContext> element
inside the <broker> element in broker configuration file (activemq.xml) for every broker.
For CLI commands to work, make similar changes in the activemq.properties file.
44 Security