[ENTMQBR-599] Define truststore and keystore by artemis cli - JBoss Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: To Do
Priority: Major
Resolution: Unresolved
Affects Version/s: A-MQ 7.0.0.ER17
Fix Version/s: None
Component/s: None
Labels:
None
Environment:

Hide

LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: RedHatEnterpriseServer
Release: 7.3
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b31)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b31, mixed mode)
ER17

Show
LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: RedHatEnterpriseServer Release: 7.3 java version "1.8.0_121" Java(TM) SE Runtime Environment (build 1.8.0_121-b31) Java HotSpot(TM) 64-Bit Server VM (build 25.121-b31, mixed mode) ER17

Affects:

Release Notes
Workaround:

Workaround Exists
Workaround Description:

Hide

Setup boostrap.xml manually.

Show
Setup boostrap.xml manually.
Release Notes Text:
Creating a broker instance by using the --ssl-key, --ssl-key-password, --ssl-trust, and --ssl-trust-password parameters does not work. To work around this issue, set the corresponding properties manually in bootstrap.xml after creating the broker.
Release Notes Docs Status:
Documented as Known Issue

Description

When I try create SSL secured embedded web server by artemis cli, instance is created, but without any ssl configuration.

Artemis CLI options:

artemis create

        --ssl-key <sslKey>

            The key store path for embedded web server

        --ssl-key-password <sslKeyPassword>

            The key store password

        --ssl-trust <sslTrust>

            The trust store path in case of client authentication

        --ssl-trust-password <sslTrustPassword>

            The trust store password

Reproduce:
Generate trust store and keystore (only brokers needed)

# Broker | keystore

keytool -genkey -keystore /tmp/cert/broker-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA

# Client keystore

keytool -genkey -keystore /tmp/cert/client-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA

# Client | key out

keytool -export -keystore /tmp/cert/client-keystore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123

# Create broker Trust store

keytool -import -keystore /tmp/cert/broker-truststore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123 -keypass redhat_secret123 -noprompt

Run CLI cmd

artemis create --ssl-key /tmp/cert/broker-keystore.jks --ssl-key-password redhat_secret123 --ssl-trust /tmp/cert/client-keystore.jks --ssl-trust-password redhat_secret123 --use-client-auth --aio --cluster-password redhat_secret123 --cluster-user admin --http-host 0.0.0.0 --role amq --user admin --password redhat_secret123 --require-login /opt/ER17-SSL

cmd was returned with 0 and etc

{bootstrap.xml..}

is without ssl configuration.

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Andy Taylor

Reporter:

Dominik Lenoch

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

27/Mar/17 8:55 AM

Updated:

02/Aug/18 5:03 AM