Enable ActiveMQ Secure Communication

By default, Agent Controllers communicate with the Configuration Server using the HTTP protocol, which means that the exchanged data can potentially be viewed by someone eavesdropping on the network. If this is a risk in your environment, you can switch the communication protocol to HTTPS using the guidelines provided in this section.
Enabling secure communication between the Agent Controller and the Configuration Server requires two stages of configuration. The first stage is to configure the ActiveMQ Broker embedded in the Configuration Server with a Key Store containing a private key and direct it to use the HTTPS protocol. The second stage is to configure the Agent Controller with a Trust Store that contains the public key for the broker.
ActiveMQ Broker requires a Key Store containing a single private-public key pair whose key password is the same as the Key Store password. With the broker embedded in the Configuration Server, the same private key is used for both the user interface and the secure communications between an Agent Controller and the Configuration Server.
As installed, the Configuration Server comes with a default Key Store located within the config/security directory containing a default self-signed private-public key pair.
You can, however, replace the default Key Store with your own. After creating a replacement Key Store, export the public key into a file which will later be imported into an Agent Controller Trust Store.
It is a requirement of the ActiveMQ Broker that the Key Store contains only one key pair.
To configure the Configuration Server:
  1. Open the apmccsrv.properties file and verify that the javax.net.ssl.keyStore property points to the correct Key Store and that the correct password is set. The values below are the defaults:
    javax.net.ssl.keyStore=config/security/default.keystore
    javax.net.ssl.keyStorePassword=xnCk9yqUWgWTHVQBqeMFdfLk7Wc8yYtB
    The javax.net.ssl.keyStorePassword property is automatically encrypted when you restart the Configuration Server. After the password is encrypted, you cannot decrypt it.
  2. In the apmccsrv.properties file, specify HTTPS as the protocol that ActiveMQ Broker will use:
    agentController.listener.protocol=https
  3. Restart the Configuration Server.
To configure the Agent Controller:
  1. Copy the Trust Store containing the Configuration Server certificate to the Agent Controller's file system.
  2. In the apmccctrl.properties file, update the URL for the Configuration Server to use the HTTPS protocol. Also specify the location and password for the Agent Controller's Trust Store.
    configurationServer.url=https://host.org:8888
    configurationServer.trustStore=<path to the Trust Store file>
    configurationServer.trustStorePassword=changeit
  3. Restart the Agent Controller.
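
The replacement Key Store, the exported certificate, and the Agent Controller Trust Store described above can be built with the JDK's keytool. This is an added example, not taken from the product documentation. The alias apmcc, the file names, and the STORE_PW and TRUST_PW environment variables are assumptions, and the store type is whatever your keytool creates by default.

```shell
#!/bin/sh
# Added example: build a replacement Key Store and a matching Trust Store.
# Assumed names (not from the product): alias "apmcc", the output file
# names, and the STORE_PW / TRUST_PW environment variables.
set -eu

# Create a Key Store with one key pair. -keypass gets the same value as
# -storepass because the broker requires the two passwords to match.
# The :env form reads the password from the environment, not from argv.
make_keystore() {   # $1 = key store path, $2 = Configuration Server host
    keytool -genkeypair -alias apmcc -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$2" -ext "SAN=dns:$2" \
        -keystore "$1" -storepass:env STORE_PW -keypass:env STORE_PW
}

# Export only the certificate (public key); the private key stays in $1.
export_cert() {     # $1 = key store path, $2 = output PEM file
    keytool -exportcert -rfc -alias apmcc -file "$2" \
        -keystore "$1" -storepass:env STORE_PW
}

# Import that certificate into a Trust Store for the Agent Controller.
make_truststore() { # $1 = PEM file, $2 = trust store path
    keytool -importcert -noprompt -alias apmcc -file "$1" \
        -keystore "$2" -storepass:env TRUST_PW
}

# Count entries of one type: "PrivateKeyEntry" or "trustedCertEntry".
count_entries() {   # $1 = store path, $2 = password variable, $3 = type
    keytool -list -keystore "$1" -storepass:env "$2" | grep -c "$3" || true
}

# Run the whole procedure into directory $1 for host $2.
build_stores() {
    make_keystore "$1/server.keystore" "$2"
    export_cert "$1/server.keystore" "$1/server.pem"
    make_truststore "$1/server.pem" "$1/agent.truststore"
    # Fail if the Key Store holds anything other than one key pair,
    # for example because the file already existed with other entries.
    [ "$(count_entries "$1/server.keystore" STORE_PW PrivateKeyEntry)" = 1 ]
}

# Usage: STORE_PW=... TRUST_PW=... sh make-stores.sh <out-dir> <server-host>
if [ "$#" -eq 2 ]; then build_stores "$1" "$2"; fi
```

Point javax.net.ssl.keyStore at the resulting server.keystore and configurationServer.trustStore at the copy of agent.truststore placed on the Agent Controller.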