1.参考apache生成证书http://activemq.apache.org/how-do-i-use-ssl.html

生成broker.ks、 broker.ts与client.ks、 client.ts

ks即：keystore缩写，存放私钥，关联的证书或证书链

ts即：truststore缩写，存放客户端信任的证书（公钥）

 

 

2.配置activeMq broker 

将broker.ks    broker.ts 上传至服务器，与activemq.xml同一个目录下

修改activeMq.xml文件，

  <broker>  </broker> 内添加以下内容

<sslContext>
          <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
                      keyStorePassword="123456"
                      trustStore="file:${activemq.base}/conf/client.ks"
                      trustStorePassword="123456"
                      />
        </sslContext>

修改mqtt 的连接方式如下：

 

 

 服务器配置完成，

 

java代码中MqttConnectOptions 设置ssl 配置如下，JKS 是keyStore 的类型，使用jdk生成的都是JKS 类型的

 

client = new MqttClient("ssl://localhost:1883", "Session_3");
connOpt = new MqttConnectOptions();
connOpt.setCleanSession(true);

Properties sslProperties = new Properties();

sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE, 
"/home/KeyStore.jks");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);

sslProperties.put(SSLSocketFactoryFactory.KEYSTORE, 
"/home/clientStore.jks");
sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");


connOpt.setSSLProperties(sslProperties);

client.connect(connOpt);

client.subscribe("sample_T");

client.setCallback( new MQTTSampleSubscriber() );

至此，ssl双向加密完成