This section describes how to modify the above samples to use SSL communications between the TIBCO Enterprise Message Service server and WebSphere application server and client container. This section assumes you have already set up and run the samples over unencrypted connections detailed in the previous sections.
In C:\tibco\EMS\bin\tibemsd.conf
, add the following lines:
listen = ssl://localhost:7243 ssl_server_identity = certs/server.cert.pem ssl_server_key = certs/server.key.pem ssl_password = password listen = tcp://localhost:7222
These lines explicitly set the tcp and ssl listen ports and specify the three required server-side SSL parameters: identity, private key, and password.
Save the file, stop and restart the TIBCO Enterprise Message Service server. When it restarts you should see messages like the following in the console window confirming SSL is enabled:
2003-01-13 13:48:34 Secure Socket Layer is enabled. 2002-01-13 13:48:34 Accepting connections on ssl://localhost:7243. 2002-01-13 13:48:34 Accepting connections on tcp://localhost:7222.
TIBCO Enterprise Message Service is pre-configured with a sample SSL queue and topic connection factory. This step will create new JNDI names for the sample connection factories that are then be used throughout the rest of this section.
tibemsadmin
tool and entering the command show factories
. The names SSLQueueConnectionFactory
and SSLTopicConnectionFactory
should be among the names displayed.
Edit the jndi.properties
file created in Configure WebSphere for the TIBCO Enterprise Message Service JNDI Provider and add the following lines:
These properties specify that the "SSL" protocol should be used for JNDI lookups, and that host verification is turned off (the JMS client will trust any host).
This procedure adds the additional jar files required for SSL to the CLASSPATH
. It also modifies the external provider URL and the external JNDI name properties of the TIBCO JMS provider within the application server.
This causes the application server to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects. Additionally, the connection factory external JNDI names are modified to specify SSL connection factories (connection factories that create SSL-based connections).
C:\tibco\ems\clients\java\jcert.jar C:\tibco\ems\clients\java\jnet.jar C:\tibco\ems\clients\java\jsse.jar C:\tibco\ems\clients\java\tibcrypt.jar
7222
to 7243
.7243
after the host specification and change the name of the factory that is looked up to sample.SSLQCF
.
That is, change tibjmsnaming://localhost/sample.QCF
to tibjmsnaming://localhost:7243/sample.SSLQCF
.
tibjmsnaming://localhost/sample.TCF
to tibjmsnaming://localhost:7243/sample.SSLTCF
.7243
.This procedure modifies the resource reference and the resource environment references of the point-to-point sample MDB. This causes the sample point-to-point MDB to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects.
Additionally, the connection factory external JNDI name is modified to specify a SSL connection factory (connection factory that creates SSL-based connections).
MDBSamples.ear
file located in the <install_root
>/AppServer/samples/lib/MessageDrivenBean
s directory.tibjmsnaming://localhost/sample.QCF
to tibjmsnaming://localhost:7243/sample.SSLQCF
.tibjmsnaming://localhost/sample.Q2
to tibjmsnaming://localhost:7243/sample.Q2
.tibjmsnaming://localhost/sample.news
to tibjmsnaming://localhost:7243/sample.news
.tibjmsnaming://localhost/sample.Q1
to tibjmsnaming://localhost:7243/sample.Q1
.MDBSamples.ear
file located in the <install_root
>/AppServer/samples/lib/MessageDrivenBeans
directory.;C:\tibco\ems\clients\java\jcert.jar; C:\tibco\ems\clients\java\jnet.jar; C:\tibco\ems\clients\java\jsse.jar; C:\tibco\ems\clients\java\tibcrypt.jar
tibjmsnaming://localhost:7222
to tibjmsnaming://localhost:7243
.tibjmsnaming://localhost/sample.TCF
to tibjmsnaming://localhost:7243/sample.SSLTCF
.PtoPSampleClient.jar
, again appending to the Class Path:;C:\tibco\ems\clients\java\jcert.jar; C:\tibco\ems\clients\java\jnet.jar; C:\tibco\ems\clients\java\jsse.jar; C:\tibco\ems\clients\java\tibcrypt.jarChange
tibjmsnaming://localhost:7222
totibjmsnaming://localhost:7243
.Also change
tibjmsnaming://localhost/sample.QCF
totibjmsnaming://localhost:7243/sample.SSLQCF
.
MDBSamples.ear
file.Follow the same procedure to update the deployed application on the server as in the previous section.
Run the samples application client again. You should see the same results.
TIBCO Enterprise Message Service™ Application Integration Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |