Secure socket layer, Configuring ssl – HP Integrity NonStop H-Series User Manual

Secure Socket Layer

NSMQ broker also provides security using Secure Socket Layer (SSL) protocol. Enabling SSL at
the NSMQ broker level provides:

•

Privacy – Messages are encrypted using a secret key, thus preventing it from being hacked
to read messages.

•

Message Integrity – Messages are digitally signed, ensuring that they cannot be tampered.

•

Authentication – The identity of the broker is authenticated.

The in-built JSSE framework of NSJ is used by NSMQ to provide SSL connectivity between clients
and broker. This framework provides a convenient way to store the private keys in a keystore.
These details must be specified in the broker configuration file
/<broker_name>/conf/activemq.xml

as shown:

keyStorePassword="password"

trustStore="file:${activemq.base}/conf/broker.ts"
trustStorePassword="password"/>

Configuring SSL

If you are configuring SSL before installing NSMQ, perform the following steps:

1.

Edit the
/nsmq/T0975H01/bin/nsmq.properties
file by adding the following JVM properties to the NSMQ_OPTS variable:

-Djavax.net.ssl.keyStore=/broker.ks
-Djavax.net.ssl.keyStorePassword=
-Djavax.net.ssl.trustStore=/broker.ts
-Djavax.net.ssl.trustStorePassword=

2.

Edit the activemqNonPersistent.template and activemqPersistent.template
files by adding the element inside the element.

keyStorePassword=""
trustStore="file:/broker.ts"
trustStorePassword=""/>

where is the user password that you specify.

If you are configuring SSL after installing NSMQ, then in step 2, add the element
inside the element in broker configuration file (activemq.xml) for every broker.

For CLI commands to work, make similar changes in the activemq.properties file.

44

Security