Generate Certificates
Requirements: Make sure you have keytool and openssl installed on the machine where you want to generate certificates.
- Run the following script to generate the certificate files.
vi generate-ssl.sh
#!/bin/bash
set -e
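# Keystore/truststore password. It must match ACTIVEMQ_KEYSTORE_PASSWORD and
# ACTIVEMQ_TRUSTSTORE_PASSWORD set later in values.yaml.
PASSWORD=password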
DAYS=36500
KEYSIZE=2048
# 1) Create a root CA
# -------------------
echo ">> Generating root CA (ca.key + ca.crt)..."
openssl req -new -x509 -days $DAYS -nodes \
-keyout ca.key -out ca.crt \
-subj "/CN=MyCA" \
-sha256
# 2) Broker: Keystore + Truststore with serverAuth EKU
# -----------------------------------------------------
# a) Create OpenSSL config for SAN and serverAuth
cat > broker-openssl.cnf <<EOF
[ v3_req ]
subjectAltName = DNS:activemq.ef-external.svc
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
echo ">> Generating broker keystore (broker.ks)..."
keytool -genkeypair \
-alias broker -keyalg RSA -keysize $KEYSIZE \
-dname "CN=broker" \
-keypass $PASSWORD -storepass $PASSWORD \
-keystore broker.ks -validity $DAYS
echo ">> Generating broker CSR (broker.csr)..."
keytool -certreq \
-alias broker -keystore broker.ks \
-file broker.csr -storepass $PASSWORD
echo ">> Signing broker CSR with SAN & EKU (broker.crt)..."
openssl x509 -req -in broker.csr \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-out broker.crt -days $DAYS -sha256 \
-extfile broker-openssl.cnf -extensions v3_req
echo ">> Importing CA into broker keystore..."
keytool -import -trustcacerts -alias ca \
-file ca.crt -keystore broker.ks -storepass $PASSWORD -noprompt
echo ">> Importing broker cert into broker keystore..."
keytool -import -alias broker \
-file broker.crt -keystore broker.ks -storepass $PASSWORD -noprompt
echo ">> Generating broker truststore (broker.ts)..."
keytool -import -trustcacerts -alias ca \
-file ca.crt -keystore broker.ts -storepass $PASSWORD -noprompt
# 3) Client: PEM cert + key with clientAuth EKU
# ----------------------------------------------
# a) Create OpenSSL config for clientAuth
cat > client-openssl.cnf <<EOF
[ v3_req ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
subjectAltName = DNS:client
EOF
echo ">> Generating client private key (client.key)..."
openssl genrsa -out client.key $KEYSIZE
echo ">> Generating client CSR (client.csr)..."
openssl req -new -key client.key \
-out client.csr -subj "/CN=client" \
-sha256
echo ">> Signing client CSR with EKU clientAuth (client.crt)..."
openssl x509 -req -in client.csr \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-out client.crt -days $DAYS -sha256 \
-extfile client-openssl.cnf -extensions v3_req
# b) Combine key + cert + CA into single client.pem
echo ">> Combining client.key + client.crt + CA into client.pem..."
cat client.key client.crt ca.crt > client.pem
# 4) Cleanup intermediate files
# ------------------------------
echo ">> Cleaning up temporary files..."
rm -f broker.csr client.csr broker-openssl.cnf client-openssl.cnf *.srl
# 5) Summary
# ----------
# printf is used here because bash's echo does not expand \n by default
printf '\n>> Done. Artifacts generated:\n'
echo " - broker.ks (JKS keystore with broker key & cert)"
echo " - broker.ts (JKS truststore with CA cert)"
echo " - client.key (PEM private key for client)"
echo " - client.crt (PEM client certificate)"
echo " - client.pem (PEM full chain: key+cert+CA)"
echo " - ca.crt (PEM CA certificate)"
- Run these commands:
chmod +x generate-ssl.sh
./generate-ssl.sh
After that you will have files named broker.ks, broker.ts, client.key, client.crt, client.pem, and ca.crt.
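A wrong EKU, a SAN that does not match the name clients connect to, or a key that does not belong to its certificate otherwise surfaces only later as a failed TLS handshake. The check below is an added example, not part of the original script; check_cert and make_sample_pki are hypothetical helper names, and the sample PKI is constructed test data.

```shell
#!/bin/sh
# check_cert CA CERT PURPOSE [HOSTNAME] [KEY]   (hypothetical helper)
#   PURPOSE   sslserver for broker.crt, sslclient for client.crt
#   HOSTNAME  optional name that must be covered by the subjectAltName
#   KEY       optional PEM private key that must belong to CERT
# Returns 0 if all checks pass, 1 chain/EKU, 2 SAN, 3 key mismatch.
check_cert() {
  ca="$1"; cert="$2"; purpose="$3"; host="${4:-}"; key="${5:-}"
  # Chain + EKU: signed by the CA and allowed for PURPOSE.
  openssl verify -CAfile "$ca" -purpose "$purpose" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert is not a valid $purpose cert under $ca" >&2; return 1; }
  if [ -n "$host" ]; then
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1 \
      || { echo "FAIL: $cert does not cover name $host" >&2; return 2; }
  fi
  if [ -n "$key" ]; then
    # Compare the public key inside CERT with the one derived from KEY.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
      || { echo "FAIL: $key does not match $cert" >&2; return 3; }
  fi
  return 0
}

# make_sample_pki DIR: constructed throwaway CA + client cert, built the same
# way as steps 1 and 3 of generate-ssl.sh (1-day validity, test data only).
make_sample_pki() {
  d="$1"; mkdir -p "$d" || return 1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
    'x509_extensions=v3_ca' '[dn]' 'CN=sample' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/req.cnf"
  printf '%s\n' '[v3_req]' 'keyUsage=digitalSignature' \
    'extendedKeyUsage=clientAuth' 'subjectAltName=DNS:client' > "$d/client.cnf"
  openssl req -new -x509 -days 1 -nodes -config "$d/req.cnf" -subj "/CN=MyCA" \
    -sha256 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl genrsa -out "$d/client.key" 2048 2>/dev/null || return 1
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1
  openssl req -new -key "$d/client.key" -config "$d/req.cnf" -subj "/CN=client" \
    -sha256 -out "$d/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$d/client.cnf" \
    -extensions v3_req -out "$d/client.crt" 2>/dev/null
}

# Against the real output of generate-ssl.sh:
#   check_cert ca.crt broker.crt sslserver activemq.ef-external.svc
#   check_cert ca.crt client.crt sslclient client client.key
```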
For ActiveMQ
In ActiveMQ-k8s Repository
- In activemq.xml, add the following:
<sslContext>
<sslContext keyStore="file:${ACTIVEMQ_KEYSTORE}"
keyStorePassword="${ACTIVEMQ_KEYSTORE_PASSWORD}"
trustStore="file:${ACTIVEMQ_TRUSTSTORE}"
trustStorePassword="${ACTIVEMQ_TRUSTSTORE_PASSWORD}" />
</sslContext>
- Append the parameters &needClientAuth=true&maximumConnections=${MAX_CONNECTIONS}&wireFormat.maxFrameSize=104857600 at the end of the ssl and stomp+nio+ssl transportConnector URIs in the activemq.xml file. Because activemq.xml is XML, each & inside the uri attribute is written as &amp;.
<transportConnector name="ssl" uri="ssl://0.0.0.0:61617?enabledProtocols=TLSv1.2&amp;needClientAuth=true&amp;maximumConnections=${MAX_CONNECTIONS}&amp;wireFormat.maxFrameSize=104857600"/>
<transportConnector name="stomp+ssl" uri="stomp+nio+ssl://0.0.0.0:61615?enabledProtocols=TLSv1.2&amp;needClientAuth=true&amp;maximumConnections=${MAX_CONNECTIONS}&amp;wireFormat.maxFrameSize=104857600"/>
- After making these changes, create a tag through the CI/CD pipeline.
In Solution
- Update the tag in the values.yaml file of ActiveMQ.
- Add volumes and volumeMounts in the values.yaml file of ActiveMQ.
extraVolumes:
  - name: activemq-tls
    secret:
      secretName: activemq-tls
extraVolumeMounts:
  - name: activemq-tls
    mountPath: /activemq
- Add these environment variables in the values.yaml file of ActiveMQ.
- name: ACTIVEMQ_KEYSTORE
  value: "/activemq/broker.ks"
- name: ACTIVEMQ_KEYSTORE_PASSWORD
  value: "password"
- name: ACTIVEMQ_TRUSTSTORE
  value: "/activemq/broker.ts"
- name: ACTIVEMQ_TRUSTSTORE_PASSWORD
  value: "password"
Do NOT run the helm upgrade command for ActiveMQ until the secret below has been created.
Apply kubernetes secret containing certificates
- Convert the certificate files broker.ks, broker.ts, client.key, client.crt, and ca.crt into base64 strings.
cat <filename> | base64 -w0; echo
- Add the base64 strings of broker.ks, broker.ts, client.key, client.crt, and ca.crt to the secret as shown below. client.crt and client.key are stored under the keys tls.crt and tls.key.
vi activemq-tls.yaml
apiVersion: v1
data:
  broker.ts: <base64 of broker.ts>
  broker.ks: <base64 of broker.ks>
  ca.crt: <base64 of ca.crt>
  tls.crt: <base64 of client.crt>
  tls.key: <base64 of client.key>
kind: Secret
metadata:
  name: activemq-tls
  namespace: ef-external
type: kubernetes.io/tls
- Run this command to create the secret.
kubectl apply -f activemq-tls.yaml
For Components
- Copy the Kubernetes secret to the expertflow namespace.
kubectl get secret activemq-tls -n ef-external -o yaml | sed 's/namespace: ef-external/namespace: expertflow/' | kubectl create -f -
- Update the component tag to the TLS-enabled one.
- Add volume and volumeMounts for the components that want to connect to ActiveMQ.
extraVolumes:
  - name: activemq-tls
    secret:
      secretName: activemq-tls
extraVolumeMounts:
  - name: activemq-tls
    mountPath: /activemq
- Update these environment variables in the efConnectionVars section.
ACTIVEMQ_KEY_STORE_PASSWORD: "Expertflow123"
ACTIVEMQ_KEY_STORE_PATH: "activemq_keystore.p12"
ACTIVEMQ_OPEN_WIRE_PORT: "61617"
ACTIVEMQ_STOMP_PORT: "61615"
ACTIVEMQ_TRANSPORT: ssl
ACTIVEMQ_TRUST_STORE_PASSWORD: "Expertflow123"
ACTIVEMQ_TRUST_STORE_PATH: "activemq_truststore.p12"
ACTIVEMQ_CLIENT_CERT: /activemq/tls.crt
ACTIVEMQ_CLIENT_KEY: /activemq/tls.key
ACTIVEMQ_CA_CERT: /activemq/ca.crt