  1. AMQ Broker
  2. ENTMQBR-599

Define truststore and keystore by artemis cli

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • A-MQ 7.0.0.ER17
    • None
    • None
    • Release Notes
    • Creating a broker instance by using the --ssl-key, --ssl-key-password, --ssl-trust, and --ssl-trust-password parameters does not work. To work around this issue, set the corresponding properties manually in bootstrap.xml after creating the broker.
    • Documented as Known Issue
    • Workaround Exists
    • Set up bootstrap.xml manually.

    Description

      When I try to create an SSL-secured embedded web server with the artemis CLI, the instance is created, but without any SSL configuration.

      Artemis CLI options:

      artemis create
              --ssl-key <sslKey>
                  The key store path for embedded web server
      
              --ssl-key-password <sslKeyPassword>
                  The key store password
      
              --ssl-trust <sslTrust>
                  The trust store path in case of client authentication
      
              --ssl-trust-password <sslTrustPassword>
                  The trust store password
      

      Reproduce:
      Generate the trust store and keystore (only the broker's are needed):

      # Broker | keystore
      keytool -genkey -keystore /tmp/cert/broker-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA
      
      # Client keystore
      keytool -genkey -keystore /tmp/cert/client-keystore.jks -storepass redhat_secret123 -keypass redhat_secret123 -dname "CN=<domain or ip>" -keyalg RSA
      # Client | key out
      keytool -export -keystore /tmp/cert/client-keystore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123
      
      # Create broker Trust store
      keytool -import -keystore /tmp/cert/broker-truststore.jks -file /tmp/cert/client-cert.cert -storepass redhat_secret123 -keypass redhat_secret123 -noprompt
      

      Run CLI cmd

      artemis create --ssl-key /tmp/cert/broker-keystore.jks --ssl-key-password redhat_secret123 --ssl-trust /tmp/cert/client-keystore.jks --ssl-trust-password redhat_secret123 --use-client-auth --aio --cluster-password redhat_secret123 --cluster-user admin --http-host 0.0.0.0 --role amq --user admin --password redhat_secret123 --require-login /opt/ER17-SSL
      

      The command returned 0, and etc/bootstrap.xml is without SSL configuration.
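Because `artemis create` exits with 0 even when the SSL options are dropped, the result has to be checked in the generated bootstrap.xml itself. The following is an added example, not part of the original issue or the project's code: it audits the `<web>` element before and after the manual workaround. The attribute names (`bind`, `clientAuth`, `keyStorePath`, `keyStorePassword`, `trustStorePath`, `trustStorePassword`) are assumed from the Artemis bootstrap.xml `<web>` layout, and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an instance where the SSL options were silently ignored.
PLAIN = """<broker xmlns="http://activemq.org/schema">
  <web bind="http://0.0.0.0:8161" path="web"/>
</broker>"""

# Constructed sample: the same file after the manual workaround (placeholder passwords).
FIXED = """<broker xmlns="http://activemq.org/schema">
  <web bind="https://0.0.0.0:8443" path="web" clientAuth="true"
       keyStorePath="/tmp/cert/broker-keystore.jks" keyStorePassword="CHANGE_ME"
       trustStorePath="/tmp/cert/broker-truststore.jks" trustStorePassword="CHANGE_ME"/>
</broker>"""


def audit_web_tls(xml_text, expect_client_auth=True):
    """Return a list of findings; an empty list means the web server is TLS-configured."""
    root = ET.fromstring(xml_text)
    # Compare local tag names so the check works with or without the xmlns.
    webs = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "web"]
    if not webs:
        return ["no <web> element found"]
    findings = []
    for web in webs:
        attrs = web.attrib
        if not attrs.get("bind", "").lower().startswith("https://"):
            findings.append(f"bind is not https: {attrs.get('bind')!r}")
        required = ["keyStorePath", "keyStorePassword"]
        if expect_client_auth:
            # Mirrors --use-client-auth: a trust store is needed to verify clients.
            required += ["trustStorePath", "trustStorePassword"]
            if attrs.get("clientAuth", "").lower() != "true":
                findings.append("clientAuth is not enabled")
        findings += [f"missing {name}" for name in required if not attrs.get(name)]
    return findings


if __name__ == "__main__":
    for label, doc in (("after artemis create", PLAIN), ("after workaround", FIXED)):
        print(label, "->", audit_web_tls(doc) or "OK")
```

Run against a real instance by passing the contents of its etc/bootstrap.xml to `audit_web_tls`; any non-empty result means the web console is not protected as requested.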

          People

            rh-ee-ataylor Andy Taylor
            dlenoch@redhat.com Dominik Lenosi