When setting the broker URL protocol to ssl, and when requiring client certificates from the build agents, how do I set the SSL context for the broker communication to restrict the trusted certificates or CAs? The activemq library used has an SSLContext where the trustStore can be set only for the broker (not for the whole VM), so this should be possible to do. Overriding the VM javax.net.ssl.trustStore is not feasible, since all other https-traffic going out from the Bamboo server will fail due to missing certificate trust.
I ended up proxying all broker traffic by setting the "Broker client URL" to the proxy server and using ssl-scheme. With the HAproxy I then check the Bamboo agent client certificate before relaying the traffic to the internal Bamboo server. Note that you will have to edit the wrapper.conf after installing the bamboo-agent installer with the 'install' command in order to add wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/path/to/your/keystore.jks wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=changeit wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/path/to/your/truststore.jks wrapper.java.additional.6=-Djavax.net.ssl.trustStorePassword=changeit
Over the next several weeks we'll be sharing some of our Getting Started guides here in the community. Throughout this series of posts, we'd love to hear from customers and non-customers ab...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs