Sun GlassFish Message Queue 4.4 Administration Guide

Step 6 (HTTP and HTTPS): Configuring a Connection

To make HTTP/HTTPS connections to a broker, a client application needs an appropriately configured connection factory administered object. Before configuring the connection factory, clients wishing to use secure HTTPS connections must also have access to SSL libraries provided by the Java Secure Socket Extension (JSSE) and must obtain a trusted root certificate.

Installing a Root Certificate (HTTPS Only)

If the root certificate of the certification authority (CA) that signed your application server’s (or Web server’s) certificate is not in the trust store by default, or if you are using a proprietary application server or Web server certificate, you must install the root certificate in the trust store. (This step is not needed for ordinary, non-secure HTTP connections, or if the CA’s root certificate is already in the trust store by default.)

Procedure: Installing a Root Certificate in the Trust Store

  1. Import the root certificate.

    Execute the command

       JRE_HOME/bin/keytool  -import  -trustcacerts
                             -alias certAlias  -file certFile
                             -keystore trustStoreFile
    

    where certFile is the file containing the root certificate, certAlias is the alias representing the certificate, and trustStoreFile is the file containing your trust store.

  2. Confirm that you trust the certificate.

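    Answer YES to the question "Trust this certificate?" Before prompting, keytool displays the certificate's details, including its fingerprints; compare these with the values published by the CA before you answer.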

  3. Identify the trust store to the client application.

    In the command that launches the client application, use the -D option to specify the following properties:

       javax.net.ssl.trustStore=trustStoreFile
       javax.net.ssl.trustStorePassword=trustStorePassword
    

Configuring the Connection Factory (HTTP and HTTPS)

To enable HTTP/HTTPS support, you need to set the connection factory’s imqAddressList attribute to the URL of the HTTP/HTTPS tunnel servlet. The URL has the form

   http://hostName:portNumber/contextRoot/tunnel

or

   https://hostName:portNumber/contextRoot/tunnel

where hostName:portNumber is the host name and port number of the application server or Web server hosting the tunnel servlet and contextRoot is the context root directory you specified when deploying the tunnel servlet on the server, as described above under Step 4 (HTTP and HTTPS): Deploying the Tunnel Servlet.

You can set the imqAddressList attribute in any of the following ways:

Using a Single Servlet to Access Multiple Brokers (HTTP and HTTPS)

It is not necessary to configure multiple application or Web servers and tunnel servlets in order to access multiple brokers; you can share a single server instance and tunnel servlet among them. To do this, you must configure the imqAddressList connection factory attribute as follows:

   http://hostName:portNumber/contextRoot/tunnel?ServerName=brokerHostName:instanceName

or

   https://hostName:portNumber/contextRoot/tunnel?ServerName=brokerHostName:instanceName

where brokerHostName is the broker instance host name and instanceName is the name of the specific broker instance you want your client to access.

To check that you have entered the correct values for brokerHostName and instanceName, generate a status report for the HTTP/HTTPS tunnel servlet by accessing the servlet URL from a browser:

   http://localhost:8080/imqhttp/tunnel

The report lists all brokers being accessed by the servlet, as shown in Example C–1.


Example C–1 Tunnel Servlet Status Report


HTTP tunnel servlet ready.
Servlet Start Time : Thu May 30 01:08:18 PDT 2002
Accepting secured connections from brokers on port : 7675
Total available brokers = 2
Broker List :
   helios:broker1
   selene:broker2
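
The check described above can also be scripted. The following is an added example, not part of the original guide or of Message Queue: it parses a status report in the format of Example C-1 and verifies that the ServerName value in an imqAddressList entry names a broker the servlet actually lists. The function names, the require_https option, and the host mq.example.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs
# Constructed sample input: the status report text shown in Example C-1.
SAMPLE_REPORT = """\
HTTP tunnel servlet ready.
Servlet Start Time : Thu May 30 01:08:18 PDT 2002
Accepting secured connections from brokers on port : 7675
Total available brokers = 2
Broker List :
   helios:broker1
   selene:broker2
"""

def parse_broker_list(report):
    """Return the brokerHostName:instanceName entries under 'Broker List :'."""
    brokers, in_list = [], False
    for line in report.splitlines():
        text = line.strip()
        if in_list:
            if not text:          # a blank line ends the list
                break
            brokers.append(text)
        elif text.replace(" ", "").lower() == "brokerlist:":
            in_list = True
    return brokers

def check_address(address, report, require_https=False):
    """Check one imqAddressList tunnel URL; return a list of problems found."""
    problems = []
    url = urlsplit(address)
    try:
        port = url.port
    except ValueError:            # non-numeric or out-of-range port
        port = None
    if url.scheme not in ("http", "https"):
        problems.append(f"unsupported scheme {url.scheme!r}")
    elif require_https and url.scheme != "https":
        problems.append("plain HTTP used where HTTPS is required")
    if not url.hostname or port is None:
        problems.append("hostName or portNumber missing or invalid")
    if not url.path.endswith("/tunnel"):
        problems.append("path does not end in /tunnel")
    brokers = parse_broker_list(report)
    names = parse_qs(url.query).get("ServerName", [])
    for name in names:
        if name not in brokers:
            problems.append(f"ServerName {name!r} is not in the broker list")
    if not names and len(brokers) > 1:
        problems.append("several brokers listed but no ServerName given")
    return problems
```

An empty list from check_address means the entry is consistent with the report; pass require_https=True to reject entries that would send client traffic to the tunnel servlet over non-secure HTTP.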


Using an HTTP Proxy

To use an HTTP proxy to access the HTTPS tunnel servlet, set the system properties http.proxyHost and http.proxyPort to the proxy server’s host name and port number. You can set these properties using the -D option to the command that launches the client application.