AMQP Security Configuration
The Universal Messaging server supports the following security configurations when the AMQP protocol is used:
1. Plain AMQP
2. AMQP over SASL
3. AMQP over alternative TLS
Currently, AMQP over negotiated TLS is not supported.
AMQP over SASL
The Universal Messaging server supports the following SASL mechanisms:
1. Anonymous
2. CRAM-MD5
3. DIGEST-MD5
4. Plain
You can enable and disable these mechanisms by using the AMQP configuration options in Enterprise Manager, as explained in the section AMQP Plugin Configuration.
We recommend using the SASL Plain mechanism over a TLS connection. Plain sends the username and password without encrypting them, so the TLS layer is what protects the credentials in transit.
By default, SASL Anonymous authentication is used, so the client can connect without providing a username or password. After the connection has been established, the operations the client can perform are determined by the realm's ACLs. If any other SASL mechanism is used, Basic Authentication must also be configured on the realm.
For more information on configuring basic authentication, see the section "Server-side Authentication" on the page Basic Authentication in the Java section of the Universal Messaging Developer Guide.
AMQP over alternative TLS
The AMQP connection over alternative TLS can be established when the server has a running NSPS interface. In that case, the client should set the following system variables:
set CAKEYSTORE=<TRUST KEYSTORE PATH>
set CAKEYSTOREPASSWD=<TRUST KEYSTORE PASSWORD>
set CKEYSTORE=<CLIENT KEYSTORE PATH>
set CKEYSTOREPASSWD=<CLIENT KEYSTORE PASSWORD>
Then use the amqps://<hostname>:<port> URL to establish the connection.
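The following pre-flight check is an added example, not part of the Universal Messaging documentation or product. It tests a client's URL, SASL mechanism and environment against the rules stated on this page. The function name audit_amqp_client, the amqp:// scheme for plain connections, the finding texts and the sample host and paths are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

SUPPORTED_SASL = {"ANONYMOUS", "CRAM-MD5", "DIGEST-MD5", "PLAIN"}
TLS_VARS = ("CAKEYSTORE", "CAKEYSTOREPASSWD", "CKEYSTORE", "CKEYSTOREPASSWD")


def audit_amqp_client(url, sasl_mechanism, env=None, check_files=False):
    """Hypothetical pre-flight check; returns a list of (severity, message)."""
    env = os.environ if env is None else env
    findings = []
    parts = urlsplit(url)
    scheme, mech = parts.scheme.lower(), sasl_mechanism.upper()
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None

    if scheme not in ("amqp", "amqps"):
        findings.append(("error", f"unexpected URL scheme {scheme!r}"))
    if not parts.hostname or port is None:
        findings.append(("error", "URL must look like <scheme>://<hostname>:<port>"))

    # Alternative TLS: the page lists four variables the client should set.
    if scheme == "amqps":
        for name in TLS_VARS:
            value = env.get(name)
            if not value:
                findings.append(("error", f"{name} is not set"))
            elif check_files and name.endswith("KEYSTORE") and not os.path.isfile(value):
                findings.append(("error", f"{name} does not point to a file"))

    if mech not in SUPPORTED_SASL:
        findings.append(("error", f"SASL mechanism {mech!r} is not supported"))
    elif mech == "ANONYMOUS":
        # Server default: no credentials, rights come from the realm ACLs.
        findings.append(("warn", "ANONYMOUS: no username or password is presented"))
    else:
        findings.append(("info", "Basic Authentication must be configured on the realm"))
        if mech == "PLAIN" and scheme != "amqps":
            findings.append(("warn", "PLAIN without TLS exposes the password on the wire"))
        elif mech != "PLAIN":
            findings.append(("info", "the page recommends PLAIN over TLS instead"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample_env = {"CAKEYSTORE": "C:\\certs\\trust.jks", "CAKEYSTOREPASSWD": "example"}
    for finding in audit_amqp_client("amqps://um.example.internal:9443", "PLAIN", sample_env):
        print(*finding, sep=": ")
```

With check_files=True the function also verifies that CAKEYSTORE and CKEYSTORE point to existing files on the machine where it runs.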