
ActiveMQ 5.16.2 Securing Webconsole using HTTPS


I have followed this guide to secure the ActiveMQ 5.16.2 web console. I made the following configuration in my jetty.xml:

  1. Per default the authentication setting is true, so I just left it like that:

    <property name="authenticate" value="true" />
    
  2. I have generated a certificate amqtest.p12 and moved it into the conf folder, i.e.:

    /home/amquser/apache-activemq-5.16.2/conf/amqtest.p12
    
  3. I have enabled the SecureConnector and changed the keyStorePath and keyStorePassword:

                <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
                    <constructor-arg ref="Server" />
                    <constructor-arg>
                        <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    
                            <property name="keyStorePath" value="$file:${activemq.conf}/amqtest.p12" />
                            <property name="keyStorePassword" value="changeit" />
                        </bean>
                    </constructor-arg>
                    <property name="port" value="8162" />
                </bean>
    

Unfortunately, I receive the following when I try to start ActiveMQ:

    INFO | Starting Jetty server
    INFO | Creating Jetty connector
    WARN | ServletContext@o.e.j.s.ServletContextHandler@1ecfcbc9{/,null,STARTING} has uncovered http methods for path: /
    INFO | Listening for connections at ws://amqtest:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
    INFO | Connector ws started
    INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) started
    INFO | For help or more information please see: http://activemq.apache.org
    WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data/kahadb only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
    WARN | Temporary Store limit is 51200 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
    INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
    INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
    WARN | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
    INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutting down
    INFO | Connector openwire stopped
    INFO | Connector amqp stopped
    INFO | Connector stomp stopped
    INFO | Connector mqtt stopped
    INFO | Connector ws stopped
    INFO | Broker Plugin org.apache.activemq.broker.util.DestinationPathSeparatorBroker stopped
    INFO | PListStore:[/home/amquser/apache-activemq-5.16.2/data/localhost/tmp_storage] stopped
    INFO | Stopping async queue tasks
    INFO | Stopping async topic tasks
    INFO | Stopped KahaDB
    INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) uptime 1.539 seconds
    INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutdown
    INFO | Closing org.apache.activemq.xbean.XBeanBrokerFactory$1@6973b51b: startup date [Tue Jul 20 19:20:15 GMT 2021]; root of context hierarchy
    ERROR | Failed to load: class path resource [activemq.xml], reason: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore

I have generated the cert with an Ansible script provided by my project team. I have also generated another cert with this Ansible script before and it worked to activate ActiveMQ 5.7.0 web console. Thus, I would assume that it was correctly generated.


Solution

  • Try using this in your jetty.xml:

    <property name="keyStorePath" value="${activemq.conf}/amqtest.p12" />                     
    

    You have an extra $file: in there that's messing it up. You can see this in the error message:

    java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
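
A pre-flight check for this class of mistake, as an added example that is not part of the original answer: it reads every `keyStorePath` value from a `jetty.xml`, substitutes `${activemq.conf}`, and rejects values that keep a stray `$` token or end up relative (the error above shows the bad value being resolved under `bin/`). The function names are hypothetical, the sample file is constructed, and `${activemq.conf}` is assumed to be the only placeholder in the value.

```shell
#!/bin/sh
# Pre-flight check for keyStorePath values in ActiveMQ's jetty.xml (POSIX sh).

# keystore_values FILE: print each keyStorePath value attribute found in FILE.
keystore_values() {
    sed -n 's/.*name="keyStorePath"[[:space:]]*value="\([^"]*\)".*/\1/p' "$1"
}

# resolve_keystore_path VALUE CONF_DIR: substitute the ${activemq.conf} placeholder.
resolve_keystore_path() {
    value=$1; conf=$2; ph='${activemq.conf}'
    case $value in
        *"$ph"*) head=${value%%"$ph"*}; tail=${value#*"$ph"}
                 printf '%s%s%s\n' "$head" "$conf" "$tail" ;;
        *)       printf '%s\n' "$value" ;;
    esac
}

# check_keystore_path VALUE CONF_DIR: print a verdict, return 0 only if usable.
check_keystore_path() {
    resolved=$(resolve_keystore_path "$1" "$2")
    case $resolved in
        *'$'*) echo "BAD stray '\$' token left after substitution: $resolved"; return 1 ;;
    esac
    case $resolved in
        /*) ;;
        *)  echo "BAD relative path, depends on the working directory: $resolved"; return 1 ;;
    esac
    [ -r "$resolved" ] || { echo "BAD file not readable: $resolved"; return 1; }
    echo "OK  $resolved"
}

# Constructed sample: the question's value first, then the answer's value.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/amqtest.p12"   # empty stand-in file, not a real keystore
    cat > "$dir/jetty.xml" <<'EOF'
<property name="keyStorePath" value="$file:${activemq.conf}/amqtest.p12" />
<property name="keyStorePath" value="${activemq.conf}/amqtest.p12" />
EOF
    keystore_values "$dir/jetty.xml" | while IFS= read -r v; do
        check_keystore_path "$v" "$dir" || true
    done
    rm -rf "$dir"
}
demo
```

Once the path passes, `keytool -list -storetype PKCS12 -keystore <path>` confirms that the file itself opens with the configured password.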