Setting up the Key and Trust Stores
Also see Tomcat's SSL instructions for more info. The following was provided by Colin Kilburn. Thanks Colin!
Starting the Broker
Using the javax.net.ssl.* System Properties
Before starting the broker's VM set the SSL_OPTS enviorment variable so that it knows to use the broker keystore.
Using Spring to configure SSL for a Broker instance
Sometimes the use of javax.net.ssl.* system properties is not appropriate as they effect all SSL users in a JVM. ActiveMQ 5.2.x adds an <sslContext> element to the <amq:broker> that allows a broker specific set of SSL properties to be configured.
The SslContext test case validates starting an SSL transport listener using the configuration specified in the broker Xbean. The SslContext element is added to the broker as follows:
The SslContext is used to configure the SslTransportFactory for that broker. Full details of the configuration options available can be seen in the schema definition or in the accessors of org.apache.activemq.spring.SpringSslContext
Starting the Client
When starting the client's VM, specify the following system properties:
If you want to verify client certificates, you need to take a few extra steps:
Starting with version 5.12, you can define certificate revocation list (CRL) path on ssl context, so that invalid certificates can revoked
This list is static and loaded on broker startup. You can also enable more advanced Online Certificate Status Protocol (OCSP) protocol by setting appropriate system properties (in
These links might also help