Show Table of Contents
8.2.7. Enable SSL in Java Clients
- For both server and client authentication, import the trusted CA to your trust store and keystore and generate keys for them. Create a certificate request using the generated keys and then create a certificate using the request. You can then import the signed certificate into your keystore. Pass the following arguments to the Java JVM when starting your client:
-Djavax.net.ssl.keyStore=/home/bob/ssl_test/keystore.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks -Djavax.net.ssl.trustStorePassword=password
- For server side authentication only, import the trusted CA to your trust store and pass the following arguments to the Java JVM when starting your client:
-Djavax.net.ssl.trustStore=/home/bob/ssl_test/certstore.jks -Djavax.net.ssl.trustStorePassword=password
- Java clients must use the SSL option in the connection URL to enable SSL encryption, per the following example.
amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?ssl='true''
- If you need to debug problems in an SSL connection, enable Java's SSL debugging by passing the argument
-Djavax.net.debug=sslto the Java JVM when starting your client.
See Also:
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.