Modify the Samples to Use SSL Communications


This section describes how to modify the above samples to use SSL communications between the TIBCO Enterprise Message Service server and the WebSphere application server and client container. It assumes you have already set up and run the samples over unencrypted connections, as detailed in the previous sections.

Enable SSL in the TIBCO Enterprise Message Service Server

In C:\tibco\EMS\bin\tibemsd.conf, add the following lines:

listen = ssl://localhost:7243  
  
ssl_server_identity = certs/server.cert.pem  
ssl_server_key = certs/server.key.pem  
ssl_password = password  
  
listen = tcp://localhost:7222  

These lines explicitly set the tcp and ssl listen ports and specify the three required server-side SSL parameters: identity, private key, and password.

Save the file, stop and restart the TIBCO Enterprise Message Service server. When it restarts you should see messages like the following in the console window confirming SSL is enabled:

2003-01-13 13:48:34 Secure Socket Layer is enabled.  
2002-01-13 13:48:34 Accepting connections on ssl://localhost:7243.  
2002-01-13 13:48:34 Accepting connections on tcp://localhost:7222.  

Create JNDI Names for the SSL Queue and Topic Connection Factories

TIBCO Enterprise Message Service is pre-configured with a sample SSL queue connection factory and a sample SSL topic connection factory. This step creates new JNDI names for the sample connection factories; these names are then used throughout the rest of this section.

  1. Verify that the SSL connection factories exist by starting the tibemsadmin tool and entering the command show factories. The names SSLQueueConnectionFactory and SSLTopicConnectionFactory should be among the names displayed.
  2. Create new JNDI names for the existing SSL connection factories by entering the following commands:

    > create jndiname sample.SSLQCF jndiname SSLQueueConnectionFactory
    > create jndiname sample.SSLTCF jndiname SSLTopicConnectionFactory

Add the Additional SSL JNDI Properties to WebSphere

Edit the jndi.properties file created in Configure WebSphere for the TIBCO Enterprise Message Service JNDI Provider and add the following lines:

com.tibco.tibjms.naming.security_protocol=ssl 
com.tibco.tibjms.naming.ssl_enable_verify_host=false 

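These properties specify that the "SSL" protocol should be used for JNDI lookups, and that host verification is turned off (the JMS client will trust any host). With this setting the connection is encrypted, but the client does not check which server it is talking to.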

For WebSphere 5.1, add the following line in addition to those above:

com.tibco.tibjms.naming.ssl_vendor=j2se-default

Configure SSL Communications Between the Application Server and the TIBCO Enterprise Message Service Server

This procedure adds the additional jar files required for SSL to the CLASSPATH. It also modifies the external provider URL and the external JNDI name properties of the TIBCO JMS provider within the application server.

This causes the application server to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects. Additionally, the connection factory external JNDI names are modified to specify SSL connection factories (connection factories that create SSL-based connections).

  1. From the WebSphere Administrative Console, expand Resources->Generic JMS Providers and choose TIBCO in the content pane.
  2. Add the following lines to the Classpath property value:

       C:\tibco\ems\clients\java\jcert.jar
       C:\tibco\ems\clients\java\jnet.jar
       C:\tibco\ems\clients\java\jsse.jar
       C:\tibco\ems\clients\java\tibcrypt.jar

  3. Change the port number of the External Provider URL property from 7222 to 7243.
  4. Click the Apply button.
  5. In the content pane under Additional Properties, choose JMS Connection Factories.
  6. Choose TIBCO Connection Factory.
  7. For the External JNDI Name property value, add port 7243 after the host specification and change the name of the factory that is looked up to sample.SSLQCF. That is, change tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.
  8. Click the OK button.
  9. Repeat the above steps for TIBCO Connection Factory1, changing tibjmsnaming://localhost/sample.TCF to tibjmsnaming://localhost:7243/sample.SSLTCF.
  10. Navigate to Generic JMS Providers->TIBCO.
  11. Choose JMS Destinations.
  12. Modify the External JNDI Name value for each of the destinations to specify port 7243.
  13. Click the Save button on the task bar of the Administrative Console (and Save again to confirm).
  14. Stop and restart the application server to allow the changes to take effect.

Configure SSL Communications between the Point-to-Point Sample MDB and the TIBCO Enterprise Message Service Server

This procedure modifies the resource reference and the resource environment references of the point-to-point sample MDB. This causes the sample point-to-point MDB to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects.

Additionally, the connection factory external JNDI name is modified to specify an SSL connection factory (a connection factory that creates SSL-based connections).

  1. Start the WebSphere Application Assembly Tool.
  2. Open the MDBSamples.ear file located in the <install_root>/AppServer/samples/lib/MessageDrivenBeans directory.
  3. Expand EJBModules->PtoPSampleMDB.jar->Message Driven Beans->PtoPSampleMDB.
  4. Choose Resource References. The name JMS/SamplePPQCF should appear in the content pane.
  5. Click the Bindings tab.
  6. Change the value of JNDI Name from tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.
  7. Click the Apply button.
  8. In the navigation pane, choose Resource Environment References. The name JMS/SampleOutputQueue should appear in the content pane.
  9. Click the Bindings tab.
  10. Change the value of JNDI Name from tibjmsnaming://localhost/sample.Q2 to tibjmsnaming://localhost:7243/sample.Q2.
  11. Click the Apply button.
  12. Choose File->Save from the menu.

Configure SSL Communications between the Application Client and the TIBCO Enterprise Message Service Server

  1. In the Application Assembly Tool, expand MDBSamples->Application Clients->PSSampleClient->Resource Environment References.
  2. In the content pane, choose jms/news and then click the Bindings tab.
  3. Change the value of the JNDI name from tibjmsnaming://localhost/sample.news to tibjmsnaming://localhost:7243/sample.news.
  4. Click the Apply button.
  5. Repeat the above steps for the sport and weather destinations as well.
  6. Expand MDBSamples->Application Clients->PtoPSampleClient->Resource Environment References.
  7. In the content pane, choose jms/Q1 and click the Bindings tab.
  8. Change the value of the JNDI name from tibjmsnaming://localhost/sample.Q1 to tibjmsnaming://localhost:7243/sample.Q1.
  9. Click the Apply button.
  10. Repeat the above steps for the Q2 destination.
  11. Save the MDBSamples.ear file (File->Save).
  12. Exit the Application Assembly Tool.
  13. Start the WebSphere Application Client Resource Configuration Tool from a console window by entering:

       <install_root>\AppServer\bin>clientConfig

  14. Open the MDBSamples.ear file located in the <install_root>/AppServer/samples/lib/MessageDrivenBeans directory.
  15. Expand PSSampleClient.jar->JMS Providers.
  16. Right-click on TIBCO and select Properties.
  17. Append the following line to the end of the value for the Class Path property:

       ;C:\tibco\ems\clients\java\jcert.jar;
       C:\tibco\ems\clients\java\jnet.jar;
       C:\tibco\ems\clients\java\jsse.jar;
       C:\tibco\ems\clients\java\tibcrypt.jar

  18. Change the value of the Provider URL property from tibjmsnaming://localhost:7222 to tibjmsnaming://localhost:7243.
  19. Click the OK button.
  20. Expand PSSampleClient.jar->JMS Providers->TIBCO->JMS Connection Factories.
  21. Right-click on TIBCOConnectionFactory1 and select Properties.
  22. Change the value of the External JNDI Name property from tibjmsnaming://localhost/sample.TCF to tibjmsnaming://localhost:7243/sample.SSLTCF.
  23. Click the OK button.
  24. Repeat the above steps for PtoPSampleClient.jar, again appending to the Class Path:

       ;C:\tibco\ems\clients\java\jcert.jar;
       C:\tibco\ems\clients\java\jnet.jar;
       C:\tibco\ems\clients\java\jsse.jar;
       C:\tibco\ems\clients\java\tibcrypt.jar

      Change tibjmsnaming://localhost:7222 to tibjmsnaming://localhost:7243.

      Also change tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.

  25. Save the EAR file by choosing File->Save from the menu.
  26. Close the MDBSamples.ear file.
  27. Exit the Application Client Resource Configuration Tool.

Update the Deployed Application on the Server

Follow the same procedure to update the deployed application on the server as in the previous section.

Run the Samples Application Client

Run the samples application client again. You should see the same results.
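
Because the tcp://localhost:7222 listener stays enabled, a binding that was missed in the procedures above keeps working and the client output looks the same. The following is an added example, not part of the TIBCO guide: it checks binding values and settings for leftovers from the unencrypted setup. The function names and the input layout are assumptions, and the sample text is constructed.

```python
import re

SSL_PORT = "7243"                               # ssl:// listener port used on this page
PLAIN_FACTORIES = {"sample.QCF", "sample.TCF"}  # replaced by sample.SSLQCF / sample.SSLTCF
URL_RE = re.compile(r"tibjmsnaming://[^/:\s]+(?::(\d+))?(?:/([\w.]+))?")

def audit_jndi_urls(text):
    """Return (url, reason) for each reference the procedure should have changed."""
    findings = []
    for m in URL_RE.finditer(text):
        port, name = m.group(1), m.group(2)
        if port != SSL_PORT:                    # missing port or the tcp port
            findings.append((m.group(0), "port is not %s" % SSL_PORT))
        if name in PLAIN_FACTORIES:
            findings.append((m.group(0), "non-SSL connection factory"))
    return findings

def audit_settings(text):
    """Return reasons for 'key = value' lines (tibemsd.conf, jndi.properties)."""
    findings = []
    for line in text.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "listen" and value.startswith("tcp://"):
            findings.append("plaintext listener %s still accepts clients" % value)
        elif key.endswith("ssl_enable_verify_host") and value.lower() == "false":
            findings.append("host verification is off: client trusts any host")
        elif key.endswith("security_protocol") and value.lower() != "ssl":
            findings.append("JNDI lookups are not using ssl")
    return findings

# Constructed sample: bindings after an incomplete pass through the steps above.
SAMPLE_BINDINGS = """\
JMS/SamplePPQCF         tibjmsnaming://localhost:7243/sample.SSLQCF
JMS/SampleOutputQueue   tibjmsnaming://localhost/sample.Q2
jms/news                tibjmsnaming://localhost:7243/sample.news
TIBCOConnectionFactory1 tibjmsnaming://localhost:7243/sample.TCF
Provider URL            tibjmsnaming://localhost:7222
"""
# Constructed sample: the settings this page adds, gathered in one text.
SAMPLE_SETTINGS = """\
listen = ssl://localhost:7243
listen = tcp://localhost:7222
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
"""

if __name__ == "__main__":
    for url, reason in audit_jndi_urls(SAMPLE_BINDINGS):
        print("%-45s %s" % (url, reason))
    for reason in audit_settings(SAMPLE_SETTINGS):
        print("setting: " + reason)
```

Once every binding passes, removing the tcp listen line from tibemsd.conf makes any remaining unencrypted reference fail visibly instead of connecting silently.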


TIBCO Enterprise Message Service™ Application Integration Guide
Software Release 4.3, February 2006
Copyright © TIBCO Software Inc. All rights reserved
www.tibco.com