sslactivemq-artemis

How to fix ActiveMQ Artemis connection timeouts when sslEnabled=true


I'm trying to enable SSL on a Artemis broker and always get this exception when trying to connect:

Exception in thread "main" ActiveMQConnectionTimedOutException[errorType=CONNECTION_TIMEDOUT message=AMQ219013: Timed out waiting to receive cluster topology. Group:null]
    at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:743)

The code I use to connect is just this:

ActiveMQClient.createServerLocator("tcp://localhost:5500").createSessionFactory();

This is from a fresh install of Artemis 2.23.1 and the only thing I changed from the default broker configuration was to add this acceptor in broker.xml:

<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass</acceptor>

I generated the keystore and truststore using the script provided in this example.

I had first tried a keystore with a cert that is valid for my domain (using a domain-qualified host name in createServerLocator()) but that also gave me the timeout. That is when I went back to fresh installs and tried going through the SSL example.

Various attempts with invalid paths/passwords/certs threw exceptions that led me to what to fix, but so far haven't been able to see what I did wrong with a generic timeout discovering cluster topology.

Anybody have ideas?


Solution

  • You need to specify sslEnabled=true on the client's URL as well so it knows to use SSL, e.g.:

    ActiveMQClient.createServerLocator("tcp://localhost:5500?sslEnabled=true").createSessionFactory();
    

    This is done for the JMS connection in the ssl-enabled example which you cited here.

    Also, if you're using self-signed certificates then you'll need a truststore for your client as well and you'll need to configure those settings on the client's URL (just like in the example).