## 1. Overview

By default, connections use plain TCP; SSL support can be added for security.

## 2. SSL support in Artemis (one-way verification, no client certificate)

### **Generate the required files with keytool**

Generate the certificates for the broker (server) side and the client side:

```
# Broker key pair, exported certificate, and the client truststore that trusts it
keytool -genkey -keystore serverkeystore.jks -storepass rayframework -keypass rayframework -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore serverkeystore.jks -file servercert.cer -storepass rayframework
keytool -import -keystore clienttruststore.jks -file servercert.cer -storepass rayframework -keypass rayframework -noprompt

# Client key pair, exported certificate, and the server truststore that trusts it
keytool -genkey -keystore clientkeystore.jks -storepass rayframework -keypass rayframework -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
keytool -export -keystore clientkeystore.jks -file clientcert.cer -storepass rayframework
keytool -import -keystore servertruststore.jks -file clientcert.cer -storepass rayframework -keypass rayframework -noprompt
```

This produces the following certificate files:

![](https://img.kancloud.cn/49/7d/497d278a88af78d01cb26ac2919f27e9_776x158.png)

### **Modify the broker instance's broker.xml**

Add the parameters:

```
sslEnabled=true;keyStorePath=<certificate path>;keyStorePassword=<certificate password>
```

Copy all of the certificate files to a chosen path on the server, for example `/usr/lib/app/artemis/rayframework/etc/`.

Edit `broker.xml` in the `etc` directory under the broker instance path.

Add an acceptor for the SSL port. The acceptor added here references only `serverkeystore.jks`:

```
<acceptors>
   <!-- Default MQTT acceptor -->
   <acceptor name="mqtttcp">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true;</acceptor>
   <!-- Added MQTT acceptor with SSL; the client does not need a certificate -->
   <acceptor name="mqttssl">tcp://0.0.0.0:1889?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;sslEnabled=true;keyStorePath=/usr/lib/app/artemis/rayframework/etc/serverkeystore.jks;keyStorePassword=rayframework;</acceptor>
</acceptors>
```

Restart the service for the change to take effect.

## 3. Client test

![](https://img.kancloud.cn/4d/11/4d11c5c740d2c67c082544595454e632_1171x600.png)
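
To check the one-way setup from the client side without an MQTT tool, the following added example (not part of the original page) performs a TLS handshake against the `mqttssl` acceptor on port 1889 using only `clienttruststore.jks`. The class name `ArtemisTlsCheck`, the default host `localhost`, and the truststore being in the working directory are assumptions; it does not speak MQTT, it only confirms that the broker's certificate is trusted and reports what was negotiated.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: verifies the broker certificate with the client truststore only.
public class ArtemisTlsCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // assumption: broker host
        int port = 1889;                                       // mqttssl acceptor in broker.xml
        char[] storePass = "rayframework".toCharArray();       // -storepass used with keytool

        // Java 9+: detects whether keytool wrote the file as JKS or PKCS12.
        KeyStore trust = KeyStore.getInstance(new File("clienttruststore.jks"), storePass);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Null key managers: the client presents no certificate (one-way verification).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Throws SSLHandshakeException if the broker's certificate is not in the
            // truststore. Chain trust only: no endpoint identification algorithm is
            // set, so the host name is not compared with the certificate.
            socket.startHandshake();

            SSLSession session = socket.getSession();
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("protocol: " + session.getProtocol());
            System.out.println("cipher:   " + session.getCipherSuite());
            System.out.println("subject:  " + cert.getSubjectX500Principal().getName());
            // keytool's default validity is 90 days unless -validity is given.
            System.out.println("expires:  " + cert.getNotAfter());
        }
    }
}
```

Run it from the directory that holds `clienttruststore.jks`, passing the broker host as the first argument. A handshake failure here means the client does not trust the certificate served on port 1889.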