Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Set keystore for both ActiveMQ and Bamboo Server

Hi, I have set the keystore for Bamboo Server in ${INSTALL}/conf/server.xml  (along with non-default password) with a certificate that expires well into the future.  However, I am finding that the automatic certificate management that Bamboo uses for the ActiveMQ broker (${HOME}/xml-data/configuration/broker.ks) only creates a certificate that is valid for 3 months. I would like to use the same certificate for both so that I don't have to keep deleting the file so that Bamboo can create a new certificate for the broker.  I have tried the various SSL_OPTS=..., including following https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html  - Special considerations/troubleshooting.  I find that no matter what, if I add -Dbamboo.manage.jms.ssl=false to either JAVA_TOOL_OPTIONS or as a parameter to start-bamboo.sh, the broker will continue to use the default file.  

I also can't find what the password is for the default broker.ks file, so I don't know if symlinking it to the server keystore will break everything, or perhaps creating my own broker.ks file there.  I tried both 'password' and 'changeit' and those were not the passwords.  

Does ActiveMQ look for a certificate alias of 'jmsbrokerkey'???

It is very annoying that the certificate expires every 3 months, meaning our regular network scans will flag our server as non-compliant. 

1 answer

0 votes
Jeremy Owen Atlassian Team Jul 05, 2018

Hey Jorge,

Try adding these arguments to your o your JVM_SUPPORT_RECOMMENDED_ARGS in <bamboo-install>/bin/setenvh.sh:

  • -Dbamboo.manage.jms.ssl=false
  • -Djavax.net.ssl.keyStore=/path/to/keystore
  • -Djavax.net.ssl.keyStorePassword=keystorepassword

We do a check to make sure both bamboo.manage.jms.ssl and javax.net.ssl.keyStore have been supplied before disabling the Automatic JMS SSL Management but setting a keystore in the Tomcat server.xml isn't equivalent to supplying it as an argument to the JVM.

If successful, you should see the below line logged logged to your <bamboo-home>/logs/atlassian-bamboo.log:

2018-07-06 10:02:58,345 INFO [localhost-startStop-1] [BambooBrokerService] Automatic JMS SSL management disabled

Does ActiveMQ look for a certificate alias of 'jmsbrokerkey'???

Yep, our implementation of securing the broker via JMS does look for a certificate of alias jmsbrokerkey.

Hope this helps! :)

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 101 Video

G’day Community! As we gear up to introduce Bamboo Data Center to the world, we wanted to make sure that we shared a bit more about Bamboo, the product. Our team has put together an overview video ...

227 views 4 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you