如何在ActiveMQ Artemis中为基于密钥库和信任库的MQTT协议启用SSL

编程问答 2022-08-11

问题描述

我已经在Linux中安装了ActiveMQ Artemis并配置了broker.xml。我正在使用证书,但是ActiveMQ Artemis使用密钥库和信任库。如何创建它们以及如何为MQTT协议启用SSL?

下面显示了配置broker.xml 

<acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true
        sslEnabled=true;
        keyStorePath=home/certs/server-ks/server1.p12;keyStorePassword=abc@1234;
        trustStorePath=home/certs/server-ks/server1.p12;
        trustStorePassword=abc@1234;needClientAuth=true
</acceptor>

我已将证书(.pem)转换为密钥库和信任库

keytool -import -alias rootCA -trustcacerts -file certs/ca.pem -keystore certs/activeMQ-truststore.jks

openssl pkcs12 -inkey certs/server-cert/server1.pem -in certs/server-cert/server1.pem -name server1 -export -out certs/server-ks/server1.p12

keytool -importkeystore -deststorepass abc@1234 -destkeystore certs/server-ks/server-keystore1.jks -srckeystore certs/server-ks/server1.p12 -srcstoretype PKCS12

如上所述,我已经为客户端密钥库创建/转换了

我需要使用带有自签名客户端密钥库的MQTT.FX客户端连接代理。

如何实现这一目标,我感到困惑。如果有人有主意请帮助我。

解决方法

通常,在自签名配置中,您将为代理和客户端创建证书,将它们分别导出,然后将代理的证书导入到客户端的信任库中,并将客户端的证书导入到代理的信任库中。您可以使用Java的keytool命令来完成所有这些操作。

看看examples/features/standard/ssl-enabled-dual-authentication目录中ActiveMQ Artemis附带的示例。它演示了如何执行此操作,例如:

keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server,OU=Artemis,O=ActiveMQ,L=AMQ,S=AMQ,C=AMQ" -keyalg RSA
keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample
keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client,C=AMQ" -keyalg RSA
keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample
keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt

您的acceptor将同时需要sslEnabled=trueneedClientAuth=true

activemq-artemismqtt

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...