Book: Configuring Messaging
Revision: e7cfdf2f1d183da6a461ee61a5c9624f1bef7b11:en-us
Link: https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.beta/single/configuring_messaging/#securing_the_transport
Section Securing the Transport only refers to security guide where it is explained how to configure SSL/TLS on Undertow subsystem. However this is not enough for messaging. See below for details.
When new connection to messaging is created, at first Undertow communicates with an initiator and then the connection is tunneled to messaging. SSL/TLS negotiation is done by Undertow hence you have to do SSL/TLS related configuration in Undertow. How to configure Undertow and SSL/TLS is documented in referred security section.
Below are listed information which are missing.
- By default all http-acceptors have configured default http-listener which listens on HTTP port. All http-acceptors must be updated to use https-listener configured in previous step which listens on HTTPS port.
- http-connectors have to be also updated to listen on HTTPS port.
- Each http-connector which wants to communicate through SSL/TLS, it must have parameter ssl-enabled set on true.
- If a http-connector is used to connect to another server, you have to configure related parameters such as trust-store, key-store. Basically http-connector requires the same parameters as remote-connector which is already well-documented in [1].
- is cloned by
-
JBEAP-14348 [EO12] Messaging - Missing information in Securing transport with HTTP connectors/acceptors
-
- Closed
-
