Suggestion
Resolution: Unresolved
Problem Definition
The certificate generated by the automatic keystore management feature has the following CN (common name):
...
Owner: CN=Bamboo ActiveMQ Broker
Issuer: CN=Bamboo ActiveMQ Broker
...
This creates a problem with the version of ActiveMQ bundled in Bamboo version 6.9.0 and higher. This version of ActiveMQ supports both server and client hostname verification. By default, client-side hostname verification is enabled. This means the client tries to compare the CN (common name) of the certificate with the server hostname to verify that they match. This fails because, as you can see above, they do not match. We're not issuing certificates that match the hostname of the server.
This results in the problem described in the following KB article:
Some companies would like to benefit from using the automatic keystore management while having hostname verification enabled (socket.verifyHostName=true).
Suggested Solution
A few suggestions:
- Provide a way or mechanism to let Bamboo admins choose the certificate CN (common name).
- Copy the hostname from the bamboo.jms.broker.client.uri property inside the <Bamboo server home directory>/bamboo.cfg.xml file.
Workaround
No workarounds available at the moment.
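The mismatch described under Problem Definition can be checked before enabling socket.verifyHostName=true. The following is an added example, not Bamboo or ActiveMQ code: it takes the value of bamboo.jms.broker.client.uri and the text printed by `keytool -list -v` for the broker certificate, and reports whether each broker host would pass hostname verification. The sample URI, the sample keytool text and all function names are constructed for illustration, and the rule that SAN DNS names are preferred over the CN is an assumption about the verifier that goes beyond the CN comparison described above.

```python
import re

# Constructed sample values (not taken from a real installation).
SAMPLE_URI = ("failover:(ssl://bamboo.example.com:54663"
              "?socket.verifyHostName=true)?maxReconnectAttempts=10")
SAMPLE_KEYTOOL = """\
Owner: CN=Bamboo ActiveMQ Broker
Issuer: CN=Bamboo ActiveMQ Broker
"""
SAMPLE_KEYTOOL_FIXED = """\
Owner: CN=bamboo.example.com
Issuer: CN=bamboo.example.com
SubjectAlternativeName [
  DNSName: bamboo.example.com
]
"""

def broker_hosts(uri):
    """Return every host named in an ssl:// transport inside the URI."""
    return [h.lower() for h in re.findall(r"ssl://([^:/?)\s]+)", uri)]

def cert_names(keytool_text):
    """Return (subject CN, [SAN DNS names]) from `keytool -list -v` text."""
    cn = re.search(r"^Owner:.*?CN=([^,\n]+)", keytool_text, re.M)
    sans = re.findall(r"^\s*DNSName:\s*(\S+)", keytool_text, re.M)
    return (cn.group(1).strip() if cn else None), sans

def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check(uri, keytool_text):
    """Map each broker host to True/False: would the certificate verify?"""
    cn, sans = cert_names(keytool_text)
    # Assumption: SAN DNS names are used when present, the CN only as fallback.
    candidates = sans or ([cn] if cn else [])
    return {h: any(name_matches(c, h) for c in candidates)
            for h in broker_hosts(uri)}

if __name__ == "__main__":
    print(check(SAMPLE_URI, SAMPLE_KEYTOOL))        # auto-generated CN
    print(check(SAMPLE_URI, SAMPLE_KEYTOOL_FIXED))  # CN/SAN set to the hostname
```

A host that maps to False is one where agents would reject the broker certificate once hostname verification is on.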