Security scanning tools find ActiveMQ ports 61613, 61616, 61617, and 61222 using an expired SSL certificate on MAG

  • 7010673
  • 23-Aug-2012
  • 27-Aug-2012


Novell Access Manager 3.1 Linux Access Gateway
NetIQ Access Manager 3.2


Security scanning tools find that ActiveMQ port 61617 is using an expired SSL certificate.


Open the following file in an editing utility:

Find the following lines:
        <transportConnector name="ssl" uri="ssl://localhost:61617"/>
        <transportConnector name="stomp" uri="stomp://localhost:61613"/>
        <transportConnector name="xmpp" uri="xmpp://localhost:61222"/>

Change the lines to:       
            <transportConnector name="ssl" uri="ssl://"/>
            <transportConnector name="stomp" uri="stomp://"/>
            <transportConnector name="xmpp" uri="xmpp://"/>

Restart ActiveMQ: /etc/init.d/novell-activemq restart

Check whether the ports are still listening on the wildcard address (:::*), or re-scan using your security scanning software.
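One way to script the listener check above, as an added example that is not part of the original article or of the product. It assumes `netstat -tln` or `ss -tln` style output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ActiveMQ connector ports bound to a non-loopback address.
ACTIVEMQ_PORTS="61613 61616 61617 61222"   # ports named in this article

# Reads `netstat -tln` or `ss -tln` output on stdin; prints "<port> <address>"
# for every listed port whose local address is not loopback.
exposed_activemq_ports() {
    awk -v ports="$ACTIVEMQ_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /LISTEN/ && NF >= 4 {
            la = $4                          # local address column in both tools
            idx = match(la, /:[0-9]+$/)      # position of the trailing ":port"
            if (!idx) next
            port = substr(la, idx + 1)
            addr = substr(la, 1, idx - 1)
            if (!(port in want)) next
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # ss may print [::1]
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }
    '
}

# Constructed sample (not captured from a real gateway): three connectors on
# the IPv6 wildcard, one on loopback, plus an unrelated SSH listener.
sample_listing() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:61616         0.0.0.0:*               LISTEN
tcp        0      0 :::61617                :::*                    LISTEN
tcp        0      0 :::61613                :::*                    LISTEN
tcp        0      0 :::61222                :::*                    LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# Demo run on the constructed sample; prints the three wildcard-bound ports.
sample_listing | exposed_activemq_ports
```

On the gateway itself, pipe the live listing into the function (`netstat -tln | exposed_activemq_ports`); no output means none of the four ports is bound to a non-loopback address.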


This is due to a bug in ActiveMQ. Even though the config file specifies that it should listen on localhost only, it still listens on the public interface. The problem has been reported to engineering.