Appendix A. Managing Certificates

A.1. Installing Certificate Authority Certificates

SSL/TLS authentication relies on digital certificates issued by trusted Certificate Authorities (CAs). When a client establishes an SSL/TLS connection, the AMQP peer sends a server certificate to the client. This server certificate must be signed by one of the CAs in the client’s Trusted Root Certification Authorities certificate store.

If the user is creating self-signed certificates for use by the Red Hat JBoss AMQ Broker, the user must create a CA to sign the certificates. The user then enables the client SSL/TLS handshake by installing the self-signed CA file ca.crt.

  • From an Administrator command prompt run the MMC Certificate Manager plugin: certmgr.msc
  • Expand the Trusted Root Certification Authorities folder on the left to expose Certificates
  • Right click Certificates and select All Tasks → Import…
  • Click Next
  • Browse to select file ca.crt
  • Click Next
  • Select Place all certificates in the following store
  • Select Certificate store : Trusted Root Certification Authorities
  • Click Next
  • Click Finish

For more information about installing certificates see Managing Microsoft Certificate Services and SSL.

A.2. Installing Client Certificates

To use SSL/TLS with client certificates, the certificates with the client’s private keys must be imported into the proper certificate store on the client system.

  • From an Administrator command prompt run the MMC Certificate Manager plugin: certmgr.msc
  • Expand the Personal folder on the left to expose Certificates
  • Right click Certificates and select All Tasks → Import…
  • Click Next
  • Click Browse
  • In the file type pulldown select Personal Information Exchange (*.pfx;*.p12)
  • Select file client.p12 and press Open
  • Click Next
  • Type in the password for the private key: password. Accept default import options.
  • Click Next
  • Select Place all certificates in the following store
  • Select Certificate store : Personal
  • Click Next
  • Click Finish
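
The two import procedures above (A.1 and A.2) can also be scripted in PowerShell. The following is an added example, not part of the Red Hat documentation or the SDK: it checks ca.crt against a thumbprint before trusting it, then confirms that the imported client certificate has a private key and chains to a trusted root. The file paths, the ExpectedCaThumbprint parameter and the choice of the CurrentUser stores are assumptions.

```powershell
# Added example: scripted form of the certmgr.msc steps in A.1 and A.2.
# Assumptions: file locations, and $ExpectedCaThumbprint obtained out-of-band
# from whoever created the CA (a placeholder, not a value from the page).
param(
    [string]$CaFile  = '.\ca.crt',
    [string]$PfxFile = '.\client.p12',
    [Parameter(Mandatory)][string]$ExpectedCaThumbprint
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

# A.1: inspect ca.crt before it becomes a trust anchor for this user.
$ca = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CaFile).Path
$expected = ($ExpectedCaThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($ca.Thumbprint -ne $expected) {
    throw "ca.crt thumbprint $($ca.Thumbprint) does not match the expected value"
}
$bc = $ca.Extensions |
    Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw 'ca.crt is not marked as a CA certificate (basicConstraints CA:TRUE missing)'
}
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# A.2: import client.p12 into Personal. Without -Exportable the private key
# is stored as non-exportable; the password is prompted for, not hard-coded.
$pw = Read-Host -AsSecureString "Password for $PfxFile"
$imported = Import-PfxCertificate -FilePath $PfxFile `
    -CertStoreLocation Cert:\CurrentUser\My -Password $pw
$client = $imported | Where-Object HasPrivateKey | Select-Object -First 1
if (-not $client) { throw 'No certificate with a private key was imported' }

# Confirm the client certificate chains to a trusted root (assumed here to be
# the CA installed above). Revocation checking is skipped on the assumption
# that this self-made CA publishes no CRL.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($client)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw 'Client certificate does not chain to a trusted root'
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Client cert : $($client.Subject)  [$($client.Thumbprint)]"
"Chains to   : $($root.Subject)  [$($root.Thumbprint)]"
```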

Hello World Example Using Client Certificates

Before a client will return a certificate to the broker, the AMQ .NET library must be told which certificates to use. The client certificate file client.crt is added to the list of certificates to be used during SChannel connection startup.

factory.SSL.ClientCertificates.Add(
    X509Certificate.CreateFromCertFile(certfile));

In this example, certfile is the full path to the client.p12 certificate installed in the Personal certificate store. A complete example is found in HelloWorld-client-certs.cs. This source file and the supporting project files are available in the SDK.