Allowing SSL access to the ActiveMQ broker is done by adding a suitable transport connector to the activemq.xml configuration file:

    <amq:transportConnectors>
      <amq:transportConnector uri="ssl://0.0.0.0:31337?trace=true&amp;wantClientAuth=true&amp;needClientAuth=true"/>
    </amq:transportConnectors>

After a restart, the broker accepts connections on port 31337 (in this case) on any interface (indicated by 0.0.0.0). Client authentication is also enabled, which requires a trust store to be set up (see below).
Specifying the location of the key and trust stores used by the server is done in the sslContext section of the same configuration file:

    <amq:sslContext>
      <amq:sslContext keyStore="file://${activemq.base}/data/broker.ks" keyStorePassword="123456"
                      trustStore="file://${activemq.base}/data/broker.ks" trustStorePassword="123456"/>
    </amq:sslContext>

Note that updating the key- or trust stores requires a server restart as they are read on start-up.
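
The following is an added example, not part of the original page or of ActiveMQ: a small Python check that parses a configuration like the one above and lists the TLS settings worth reviewing. The `audit` function name, the `beans`/`amq:broker` wrapper and the namespace URI bound to the `amq:` prefix are assumptions; the sample is constructed from the two fragments shown above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

AMQ = "{http://activemq.apache.org/schema/core}"  # assumed binding of the amq: prefix

# Constructed sample: the page's two fragments inside an assumed minimal wrapper.
SAMPLE = """<beans xmlns:amq="http://activemq.apache.org/schema/core"><amq:broker>
  <amq:transportConnectors>
    <amq:transportConnector uri="ssl://0.0.0.0:31337?trace=true&amp;wantClientAuth=true&amp;needClientAuth=true"/>
  </amq:transportConnectors>
  <amq:sslContext>
    <amq:sslContext keyStore="file://${activemq.base}/data/broker.ks" keyStorePassword="123456"
                    trustStore="file://${activemq.base}/data/broker.ks" trustStorePassword="123456"/>
  </amq:sslContext>
</amq:broker></beans>"""

def audit(xml_text):
    """Return findings for the ssl:// connectors and the sslContext they rely on."""
    root = ET.fromstring(xml_text)
    # The inner sslContext element is the one that carries the store attributes.
    ctx = next((e for e in root.iter(AMQ + "sslContext") if e.get("keyStore")), None)
    findings = []
    for conn in root.iter(AMQ + "transportConnector"):
        uri = urlsplit(conn.get("uri", ""))
        if uri.scheme != "ssl":
            continue
        opts = {k: v[-1] for k, v in parse_qs(uri.query).items()}
        where = f"ssl connector on port {uri.port}"
        if uri.hostname == "0.0.0.0":
            findings.append(f"{where}: bound to every interface")
        if opts.get("needClientAuth") != "true":
            # wantClientAuth alone only requests a certificate; it does not require one.
            findings.append(f"{where}: client certificate not required")
        elif ctx is None or not ctx.get("trustStore"):
            findings.append(f"{where}: needClientAuth set but no trustStore configured")
    if ctx is not None:
        if ctx.get("trustStore") and ctx.get("trustStore") == ctx.get("keyStore"):
            findings.append("sslContext: keyStore and trustStore are the same file")
        if ctx.get("keyStorePassword") or ctx.get("trustStorePassword"):
            findings.append("sslContext: store password is in clear text in the configuration")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the sample, it reports the all-interfaces bind, the shared key/trust store file and the clear-text store passwords; the connector itself passes the client-certificate check because `needClientAuth=true` is set and a trust store is configured.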