When setting the broker URL protocol to ssl, and when requiring client certificates from the build agents, how do I set the SSL context for the broker communication to restrict the trusted certificates or CAs? The activemq library used has an SSLContext where the trustStore can be set only for the broker (not for the whole VM), so this should be possible to do. Overriding the VM javax.net.ssl.trustStore is not feasible, since all other https-traffic going out from the Bamboo server will fail due to missing certificate trust.
I ended up proxying all broker traffic by setting the "Broker client URL" to the proxy server and using ssl-scheme. With the HAproxy I then check the Bamboo agent client certificate before relaying the traffic to the internal Bamboo server. Note that you will have to edit the wrapper.conf after installing the bamboo-agent installer with the 'install' command in order to add wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/path/to/your/keystore.jks wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=changeit wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/path/to/your/truststore.jks wrapper.java.additional.6=-Djavax.net.ssl.trustStorePassword=changeit
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in talking to 20 people planning t...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs