I have a standalone ActiveMQ Artemis server, and I have it working with my own self-signed certificates so now I’m trying to get it working with a real cert. I have a valid certificate from Let’s Encrypt, but after adding the cert to my trust store Artemis starts, but the admin console returns SSL_PROTOCOL_ERROR because it does not get an ssl handshake.
Does anyone know how to configure ActiveMQ Artemis with a real, verified certificate? My bootstrap.xml is below
<web path="web" rootRedirectLocation="console">
<binding name="artemis"
uri="https://haproxy.dedicatedtoservers.com:8161"
keyStorePath="/var/lib/mybroker/etc/broker_ks.p12"
keyStorePassword="********"
>
<app name="branding" url="activemq-branding" war="activemq-branding.war"/>
<app name="plugin" url="artemis-plugin" war="artemis-plugin.war"/>
<app name="console" url="console" war="console.war"/>
</binding>
</web>
And the startup console
2024-12-13 09:37:57,769 INFO [org.apache.activemq.artemis] AMQ241003: Starting embedded web server
2024-12-13 09:37:58,054 INFO [org.apache.activemq.hawtio.branding.PluginContextListener] Initialized activemq-branding plugin
2024-12-13 09:37:58,110 INFO [org.apache.activemq.hawtio.plugin.PluginContextListener] Initialized artemis-plugin plugin
2024-12-13 09:37:58,158 INFO [io.hawt.HawtioContextListener] Initialising hawtio services
2024-12-13 09:37:58,178 INFO [io.hawt.system.ConfigManager] Configuration will be discovered via system properties
2024-12-13 09:37:58,181 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio2.17.7 2024-12-13 09:37:58,192 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "amq" role principal classes: "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal"
2024-12-13 09:37:58,205 INFO [io.hawt.web.auth.LoginRedirectFilter] Hawtio loginRedirectFilter is using 1800 sec. HttpSession timeout
2024-12-13 09:37:58,455 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at https://haproxy.dedicatedtoservers.com:8161 2024-12-13 09:37:58,457 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at https://haproxy.dedicatedtoservers.com:8161/console/jolokia
2024-12-13 09:37:58,457 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at https://haproxy.dedicatedtoservers.com:8161/console
Physician heal thy self 🙂
openssl pkcs12 -inkey /home/peter/haproxy.dedicatedtoservers.com/privkey.pem -in /home/peter/haproxy.dedicatedtoservers.com/fullchain.pem -export -out ./keystore.jks
keytool -import -alias client -keystore ./keystore.jks -file /home/peter/haproxy.dedicatedtoservers.com/chain.pem -deststoretype pkcs12
keytool -import -alias 3 -keystore ./keystore.jks -file /home/peter/haproxy.dedicatedtoservers.com/cert.pem -deststoretype pkcs12