...
Instructions for setting up ActiveMQ to use ssl certificates can be found here: http://activemq.apache.org/how-do-i-use-ssl.html. Additionally it should be ensured that only encrypted connections is are available and that the ssl connector have the parameters "?wantClientAuth=true&needClientAuth=true" in its uri, this forces the use of mTLS.
...
To exchange data a concept of FileExchange exists. Which protocols is are supported is not set in stone, but caution should be taken to ensure that traffic is encrypted.
The reference fileexchange FileExchange is Webdav a WebDAV over a https (mTLS) connection.
...
To distribute certificates RepositorySettings is used as the single source of trust in the repository. That also encompass encompasses the infrastructure components such as ActiveMQ and FileExchange.
Setting When setting up an ActiveMQ or FileExchange i(e.eg. webdavWebDAV), certificates to trust should be taken from the RepositorySettings permissions section.
...
- The ActiveMQ messagebus should trust certificates with the <InfrastructurePermission>MessageBusClient</InfrastructurePermission>
- The FileExchange should only trust client certificates with the <InfrastructurePermission>FileExchangeClient</InfrastructurePermission>
- Clients and pillars should only trust ActiveMQ instances using certificates with the <InfrastructurePermission>MessageBusServer</InfrastructurePermission>
- Clients and pilalrs pillars should only trust FileExchanges FileExchange instances using certificates with the <InfrastructurePermission>FileExchangeServer</InfrastructurePermission>
...