To use SSL, each instance of tibemsd
must have a digital certificate and a private key. The server can optionally require a certificate chain or trusted certificates.
Set the server to listen for SSL connections from clients by using the listen
parameter in tibemsd.conf
. To specify that a port accept SSL connections, specify the SSL protocol in the listen
parameter as follows:
Several SSL parameters can be set in tibemsd.conf
. The minimum configuration is only one required parameterssl_server_identity
. However, if the server’s certificate file does not contain its private key, then you must specify it in ssl_server_key
.
Within Table 18, the section SSL Server Parameters provides a complete description of the SSL parameters that can be set in tibemsd.conf
.
The server accepts a few command-line options for SSL.
When starting tibemsd
, you can specify the following options:
-ssl_trace
enables tracing of loaded certificates. This prints a message to the console during startup of the server that describes each loaded certificate.-ssl_debug_trace
enables more detailed SSL tracing for debugging only; it is not for use in production systems.-ssl_password
specifies the private key password. Alternatively, you can specify this password in the ssl_server_password
parameter in tibemsd.conf
. If you do not supply a password using either of these methods, tibemsd
will prompt for the password when it starts. For more information, see the description of the ssl_password
configuration parameter.
TIBCO Enterprise Message Service™ User’s Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |