Sun Java System Message Queue 4.1 Administration Guide

ProcedureConfiguring JMX for SSL Operation

  1. Obtain and install a signed certificate.

    The procedure is the same as for the ssljms, ssladmin, or cluster connection service, as described under Using Signed Certificates.

  2. Install the root certification authority certificate in the trust store if necessary.

  3. Add the ssljmxrmi connector to the list of JMX connectors to be activated at broker startup:

  4. Start the broker.

    Use the Message Queue Broker utility (imqbrokerd, either passing it the key store password in a password file or typing it from the command line when prompted.

  5. Disable validation of certificates if necessary.

    By default, the ssljmxrmi connector (or any other SSL-based connector) is configured to validate all broker SSL certificates presented to it. Validation will fail if the signer of the certificate is not in the client's trust store. To avoid this validation (for instance, when using self-signed certificates during software testing), set the broker property imq.jmx.connector.ssljmxrmi.brokerHostTrusted to true.