What certificates does an Artemis AMQ subscriber using stomp.py need to establish an SSL connection to the server


I am using stomp.py to establish a Stomp 1.2 SSL connection to an ActiveMQ-Artemis/2.7.0.redhat-00056 ActiveMQ Artemis Messaging Engine. I have no control over the server and I was given the following instructions. (I am the Subscriber referred to below.)

Other party will provide a Trust Store file, a Certificate file and a pair of User ID and Password to each Subscriber. Depending on the subscriber system’s requirement, the subscriber might need to import the Certificate file into its server Certificate Store or Subscriber might need to embed the Trust Store file into its connection coding.

  1. Do I need any AMQ/Artemis configurations to embed the certificates? Or can I just pass in the required files through the set_ssl method found in http://jasonrbriggs.github.io/stomp.py/stomp.html#module-stomp.connect?
  2. The files I received were broker_cert.cer.txt and client.ts. I am not sure how to use them. I have seen the answer in https://stackoverflow.com/a/50774783/16235794 and it makes it sound like I would need to generate the .key and .pem files. But if I am generating the files, how exactly is the other party supposed to verify them? What files should I be receiving from the other party for authentication purposes?

Answer by Domenico Francesco Bruscino (score 6):

The stomp.py library doesn't validate the server certificate by default, so invoking the set_ssl method with just the server address should work, i.e.:

conn.set_ssl([('127.0.0.1', 62614)])

Invoke the set_ssl method with the PEM server certificate to validate the server certificate, i.e.:

conn.set_ssl([('localhost', 62614)], ca_certs='broker_cert.pem')

Use the keytool tool to export the PEM server certificate from the client.ts trust store, or request it from the other party.

keytool -keystore client.ts -storepass <STORE_PASSWORD> -alias <ALIAS> -exportcert -rfc > broker_cert.pem

See test_ssl.py for further details.
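As an added example (not code from the answer or from stomp.py itself), the steps above put together for the subscriber: convert the received broker_cert.cer.txt to PEM if it is binary DER, build the set_ssl arguments so that the server certificate is actually validated, and connect with the user id and password the other party issued. The host name broker.example and the demo() certificate bytes are constructed placeholders; stomp.py is only needed for connect().

```python
import ssl
import tempfile
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def broker_cert_to_pem(src: Path, dst: Path) -> Path:
    """Write the broker certificate to dst as PEM, accepting PEM or DER input.

    A .cer file may be binary DER; stomp.py's ca_certs needs PEM (what keytool -rfc emits).
    """
    data = src.read_bytes()
    pem = data.decode() if PEM_HEADER in data else ssl.DER_cert_to_PEM_cert(data)
    dst.write_text(pem)
    return dst


def ssl_options(ca_pem: Path, host: str, port: int) -> dict:
    """Keyword arguments for Connection.set_ssl.

    Passing ca_certs makes stomp.py require and validate the server certificate
    against this PEM; leaving it out means any certificate is accepted.
    """
    if PEM_HEADER not in ca_pem.read_bytes():
        raise ValueError(f"{ca_pem} is not PEM; export it with keytool -rfc")
    return {"for_hosts": [(host, port)], "ca_certs": str(ca_pem)}


def connect(host: str, port: int, ca_pem: Path, user: str, password: str):
    """Open a STOMP 1.2 connection that validates the broker certificate."""
    import stomp  # stomp.py; imported here so the file helpers work without it
    conn = stomp.Connection(host_and_ports=[(host, port)])
    conn.set_ssl(**ssl_options(ca_pem, host, port))
    conn.connect(user, password, wait=True)  # credentials issued by the other party
    return conn


def demo() -> dict:
    """Offline check with constructed placeholder bytes standing in for a DER certificate."""
    work = Path(tempfile.mkdtemp())
    cer = work / "broker_cert.cer.txt"
    cer.write_bytes(b"\x30\x82\x01\x00" + bytes(range(256)))  # placeholder, not a real cert
    pem_path = broker_cert_to_pem(cer, work / "broker_cert.pem")
    pem = pem_path.read_text()
    again = broker_cert_to_pem(pem_path, work / "again.pem").read_text()  # PEM in, PEM out
    return {"pem": pem, "idempotent": again == pem,
            "options": ssl_options(pem_path, "broker.example", 62614)}


if __name__ == "__main__":
    print(demo()["options"])
```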