Skip to main content

Enabling TLS Protocol Connection to the ActiveMQ

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols designed to provide communication security over networks. Websites can use TLS to secure all communications between their servers and web browsers. TLS aims primarily to provide privacy and data integrity between two or more communicating applications.

ActiveMQ supports secure communication channels. The most common way to establish a secure communication channel is to associate a certificate with the target (broker). This section provides instructions on how to enable the TLS protocol connection to the ActiveMQ. The instructions include links to topics that are directly related to this procedure.

These instructions define the procedure for enabling the TLS protocol connection to the ActiveMQ.

Configuring TLS Protocol Connection for the First Time

Follow the instructions provided in the ActiveMQ TLS Connection Guide.

Upgrading from CxSAST 9.0.0

During the upgrade, the following two files are backed up in the ..\Checkmarx\Checkmarx ActiveMQ\conf path as follows:

  • activemq.xml is backed up as activemq_backup.xml

  • is backed up as credentials-enc_backup

Changes in the files above are automatically merged during the upgrade process.

ActiveMQ Clients and URI Mapping

The list below covers all Active MQ clients and from where each one reads the ActiveMQ URI:

  • Access Control (IIS) → Environment Variable (new)

  • Scans Manager Service → [dbo].[CxComponentConfiguration]

  • Results Service → [dbo].[CxComponentConfiguration]

  • Engine Service → Environment Variable (new)

  • Legacy Engine Service → [Config].[CxEngineConfigurationKeysMeta]

  • Engine Configuration Exporter Tool (not a service) → [Config].[CxEngineConfigurationKeysMeta]

Configuring Database values

The steps to configure database values in the [dbo].[CxComponentConfiguration] and [Config].[CxEngineConfigurationKeysMeta] are covered in the ActiveMQ TLS Connection Guide referred to above.

Configuring Environment Variables

In version 9.3.0, several environment variables have been introduced to CxSAST Manager and CxSAST Engine environments.

Access Control Environment Variables

In every Manager environment:

  • Set the ActiveMessageQueueURL environment variable with the ActiveMQ URI

Engine Service Environment Variables

In every Engine environment:

  • Set the CX_ES_MESSAGE_QUEUE_URL environment variable with the ActiveMQ URI


ActiveMQ URI is defined with the ActiveMQ Connection URI Step in the ActiveMQ TLS Connection Guide.

Restarting ActiveMQ Client Services

After you finished configuring, you have to restart the services listed below as outlined for changes to take effect:

  • After editing database (DB) values:

    • Scans Manager Service

    • Results Service

  • After editing Access Control (AC) environment variables:

    • Access Control Service (IIS)

  • After editing Engine Services (ES) environment variables:

    • Engine Service