Environment
Novell Access Manager 3.1 Linux Access Gateway
NetIQ Access Manager 3.2
Situation
Security scanning tools report that ActiveMQ port 61617 is using an expired SSL certificate.
Resolution
Open the following file in a text editor:
/opt/novell/activemq/conf/activemq.xml
Find the following lines:
<transportConnector name="ssl" uri="ssl://localhost:61617"/>
<transportConnector name="stomp" uri="stomp://localhost:61613"/>
<transportConnector name="xmpp" uri="xmpp://localhost:61222"/>
Change the lines to:
<transportConnector name="ssl" uri="ssl://127.0.0.1:61617"/>
<transportConnector name="stomp" uri="stomp://127.0.0.1:61613"/>
<transportConnector name="xmpp" uri="xmpp://127.0.0.1:61222"/>
Restart ActiveMQ: /etc/init.d/novell-activemq restart
Check whether the ports are still listening on :::* (all interfaces), or re-scan using your security scanning software.
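One way to script the listening check from the last step, as an added example that is not part of the original article. It assumes `netstat -tln` or `ss -ltn` style output; the helper name `exposed_listeners` is hypothetical and both sample listings are constructed.

```shell
#!/bin/sh
# Added example: flag ActiveMQ connector ports bound beyond loopback.
PORTS="61617 61613 61222"   # ports from the transportConnector lines

# exposed_listeners (hypothetical helper): reads `netstat -tln` or `ss -ltn`
# output on stdin and prints "port address" for each listed port whose local
# address is not a loopback address.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            la = $4                          # local address column in both tools
            port = la; sub(/.*:/, "", port)  # text after the last colon
            if (!(port in want)) next
            addr = substr(la, 1, length(la) - length(port) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # newer ss brackets IPv6
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Constructed listing: connectors still bound to all interfaces.
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::61617                :::*                    LISTEN
tcp6       0      0 :::61613                :::*                    LISTEN
tcp6       0      0 :::61222                :::*                    LISTEN
EOF
}

# Constructed listing: connectors bound to 127.0.0.1 after the change.
sample_after() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::ffff:127.0.0.1:61617  :::*                    LISTEN
tcp        0      0 127.0.0.1:61613         0.0.0.0:*               LISTEN
tcp6       0      0 ::ffff:127.0.0.1:61222  :::*                    LISTEN
EOF
}

echo "before:"; sample_before | exposed_listeners
echo "after:";  sample_after  | exposed_listeners
```

On the gateway itself, pipe the live listing into the function (`netstat -tln | exposed_listeners`); empty output means none of the three ports is reachable from other hosts.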
Cause
This is due to a bug in ActiveMQ. Even though the config file specifies
that it should listen on localhost only, it still listens on the public
interface. The problem has been reported to engineering.