  1. A-MQ Broker
  2. ENTMQBR-599

Define truststore and keystore by artemis cli

    Details

    • Type: Bug
    • Status: To Do
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: A-MQ 7.0.0.ER17
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
    • Affects:
      Release Notes
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Set up bootstrap.xml manually.
    • Release Notes Text:
      Creating a broker instance by using the --ssl-key, --ssl-key-password, --ssl-trust, and --ssl-trust-password parameters does not work. To work around this issue, set the corresponding properties manually in bootstrap.xml after creating the broker.
    • Release Notes Docs Status:
      Documented as Known Issue

      Description

      When I try to create an SSL-secured embedded web server with the artemis CLI, the instance is created, but without any SSL configuration.

      Artemis CLI options:

      artemis create
              --ssl-key <sslKey>
                  The key store path for embedded web server
      
              --ssl-key-password <sslKeyPassword>
                  The key store password
      
              --ssl-trust <sslTrust>
                  The trust store path in case of client authentication
      
              --ssl-trust-password <sslTrustPassword>
                  The trust store password
      

      Reproduce:
      Generate the trust store and keystore (only the broker's are needed)

      # Broker | keystore
      keytool -genkey -keystore /tmp/cert/broker-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA
      
      # Client keystore
      keytool -genkey -keystore /tmp/cert/client-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA
      # Client | key out
      keytool -export -keystore /tmp/cert/client-keystore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123
      
      # Create broker Trust store
      keytool -import -keystore /tmp/cert/broker-truststore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123 -keypass redhat_secret123 -noprompt
      

      Run CLI cmd

      artemis create --ssl-key /tmp/cert/broker-keystore.jks --ssl-key-password redhat_secret123 --ssl-trust /tmp/cert/client-keystore.jks --ssl-trust-password redhat_secret123 --use-client-auth --aio --cluster-password redhat_secret123 --cluster-user admin --http-host 0.0.0.0 --role amq --user admin --password redhat_secret123 --require-login /opt/ER17-SSL
      

      The command returned 0, and etc {bootstrap.xml..} is without SSL configuration.
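
A check for the condition reported above (instance created with exit code 0 but no SSL settings in bootstrap.xml), as an added example that is not part of the original issue or of the A-MQ code base. It assumes the `<web>` attribute names used by upstream Apache ActiveMQ Artemis (`bind`, `keyStorePath`, `keyStorePassword`, `clientAuth`, `trustStorePath`, `trustStorePassword`); both sample documents are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples. Attribute names are assumed from upstream Apache
# ActiveMQ Artemis; verify them against the bootstrap.xml of your build.
NO_SSL = """<broker xmlns="http://activemq.org/schema">
  <web bind="http://0.0.0.0:8161" path="web"/>
</broker>"""
WITH_SSL = """<broker xmlns="http://activemq.org/schema">
  <web bind="https://0.0.0.0:8443" path="web" clientAuth="true"
       keyStorePath="/tmp/cert/broker-keystore.jks" keyStorePassword="PLACEHOLDER"
       trustStorePath="/tmp/cert/broker-truststore.jks" trustStorePassword="PLACEHOLDER"/>
</broker>"""


def check_web_tls(bootstrap_xml, require_client_auth=False):
    """Return a list of problems; an empty list means TLS settings are present."""
    root = ET.fromstring(bootstrap_xml)
    # Match on the local tag name so the check works with or without a namespace.
    web = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "web"), None)
    if web is None:
        return ["no <web> element found"]
    problems = []
    bind = web.get("bind", "")
    if not bind.lower().startswith("https://"):
        problems.append("bind is %r, expected an https:// URL" % bind)
    required = ["keyStorePath", "keyStorePassword"]
    if require_client_auth:
        if web.get("clientAuth", "").lower() != "true":
            problems.append("clientAuth is not 'true'")
        required += ["trustStorePath", "trustStorePassword"]
    problems += ["missing or empty " + a for a in required if not web.get(a)]
    return problems


if __name__ == "__main__":
    # Usage: python check_bootstrap.py path/to/bootstrap.xml
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else NO_SSL
    found = check_web_tls(xml_text, require_client_auth=True)
    for p in found:
        print("FAIL:", p)
    sys.exit(1 if found else 0)
```

Run right after `artemis create`, a non-zero exit from this script catches the case where the CLI reported success but the web console would start without TLS.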

              People

              • Assignee:
                ataylor Andy Taylor
                Reporter:
                dlenoch Dominik Lenoch