
Set keystore for both ActiveMQ and Bamboo Server

Jorge Suarez
Contributor
June 26, 2018

Hi, I have set the keystore for Bamboo Server in ${INSTALL}/conf/server.xml (along with non-default password) with a certificate that expires well into the future. However, I am finding that the automatic certificate management that Bamboo uses for the ActiveMQ broker (${HOME}/xml-data/configuration/broker.ks) only creates a certificate that is valid for 3 months. I would like to use the same certificate for both so that I don't have to keep deleting the file so that Bamboo can create a new certificate for the broker. I have tried the various SSL_OPTS=..., including following https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html - Special considerations/troubleshooting. I find that no matter what, if I add -Dbamboo.manage.jms.ssl=false to either JAVA_TOOL_OPTIONS or as a parameter to start-bamboo.sh, the broker will continue to use the default file.

I also can't find what the password is for the default broker.ks file, so I don't know if symlinking it to the server keystore will break everything, or perhaps creating my own broker.ks file there. I tried both 'password' and 'changeit' and those were not the passwords.

Does ActiveMQ look for a certificate alias of 'jmsbrokerkey'???

It is very annoying that the certificate expires every 3 months, meaning our regular network scans will flag our server as non-compliant. 

1 answer

0 votes
Jeremy Owen
Atlassian Team
July 5, 2018

Hey Jorge,

Try adding these arguments to your JVM_SUPPORT_RECOMMENDED_ARGS in <bamboo-install>/bin/setenv.sh:

  • -Dbamboo.manage.jms.ssl=false
  • -Djavax.net.ssl.keyStore=/path/to/keystore
  • -Djavax.net.ssl.keyStorePassword=keystorepassword

We do a check to make sure both bamboo.manage.jms.ssl and javax.net.ssl.keyStore have been supplied before disabling the Automatic JMS SSL Management, but setting a keystore in the Tomcat server.xml isn't equivalent to supplying it as an argument to the JVM.

If successful, you should see the below line logged to your <bamboo-home>/logs/atlassian-bamboo.log:

2018-07-06 10:02:58,345 INFO [localhost-startStop-1] [BambooBrokerService] Automatic JMS SSL management disabled

Does ActiveMQ look for a certificate alias of 'jmsbrokerkey'???

Yep, our implementation of securing the broker via JMS does look for a certificate of alias jmsbrokerkey.

Hope this helps! :)
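
The checks described in the answer above, as an added shell example that is not part of the original post or Atlassian's own code: it verifies that both JVM properties are present, looks for the confirmation line in the log, and reads the validity of the jmsbrokerkey entry with keytool. The function names, the KS_PASS variable and the sample argument strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks for the custom-keystore setup described above.
# Assumes JVM arguments are space-separated and the keystore path has no spaces.

# Print the path given via -Djavax.net.ssl.keyStore=, or fail if it is absent.
keystore_arg() {
    for a in $1; do
        case $a in
            -Djavax.net.ssl.keyStore=?*) printf '%s\n' "${a#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Succeed only if BOTH properties are present; per the answer, Bamboo keeps
# managing broker.ks itself unless both are supplied as JVM arguments.
jms_ssl_args_ok() {
    case " $1 " in
        *" -Dbamboo.manage.jms.ssl=false "*) ;;
        *) return 1 ;;
    esac
    keystore_arg "$1" >/dev/null
}

# Succeed if the given atlassian-bamboo.log contains the confirmation line.
jms_ssl_management_disabled() {
    grep -qF '[BambooBrokerService] Automatic JMS SSL management disabled' "$1"
}

# Print the validity period of the jmsbrokerkey entry (requires JDK keytool).
# KS_PASS is an environment variable name chosen for this example; using
# -storepass:env keeps the password out of the process list.
broker_cert_validity() {
    keytool -list -v -keystore "$1" -storepass:env KS_PASS -alias jmsbrokerkey |
        grep 'Valid from:'
}

# Constructed sample input (not taken from a real server).
SAMPLE_ARGS='-Xmx1g -Dbamboo.manage.jms.ssl=false -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=keystorepassword'
TOMCAT_ONLY_ARGS='-Xmx1g -Dbamboo.manage.jms.ssl=false'  # keystore only in server.xml

jms_ssl_args_ok "$SAMPLE_ARGS" && echo "ok: keystore $(keystore_arg "$SAMPLE_ARGS")"
jms_ssl_args_ok "$TOMCAT_ONLY_ARGS" || echo "incomplete: broker.ks stays auto-managed"
```

JVM arguments, including -Djavax.net.ssl.keyStorePassword, are readable in setenv.sh and in the process listing, so restrict read access to that file and to the keystore itself.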
