Configure SSL Button

The Configure SSL button allows you to configure the SSL parameters when the transport supports SSL and the SSL field is checked. The following are the fields of the Configure SSL dialog.

Basic

The Basic tab of the SSL Configuration dialog allows you to specify the simplest required SSL configuration parameters for the connection. The Basic tab has the following fields:

Field

Description

Trusted Certificates Folder (JMS transports)

Location of the trusted certificates on this machine. The trusted certificates are a collection of certificates from the servers to which you establish connections. If the server you want to connect to presents a certificate that does not match one of your trusted certificates, the connection is refused.

This prevents connections to unauthorized servers.

Daemon Certificate (TIBCO Rendezvous transports)

File containing one or more certificates from trusted certificate authorities. This file is checked when connecting to a daemon to ensure that the connection is to a daemon that is trusted. This prevents connections to rogue TIBCO Rendezvous daemons that attempt to impersonate trusted daemons.

You can retrieve a daemon’s certificate using the administration interface in TIBCO Rendezvous. For more information about obtaining certificates through the administration interface, see the TIBCO Rendezvous documentation. Once retrieved, you can select a folder in your project and import this certificate into the folder using the Tools > Trusted Certificates > Import Into PEM Format menu item.

Identity

This is an Identity resource used to authenticate to the JMS server or TIBCO Rendezvous daemon. The Browse button allows you to select from a list of appropriately configured Identity resources.

For TIBCO Rendezvous transports, only Identity resources with the Type field set to Identity File or Username/Password are listed.

For more information, see TIBCO Designer™ Palette Reference.

Advanced

The Advanced tab of the SSL Configuration dialog allows you to specify more advanced SSL configuration parameters for the connection. The Advanced tab is available only for JMS transports.

Field

Description

Trace

Specifies whether SSL tracing should be enabled during the connection. If checked, the SSL connection messages are logged and sent to the console.

Debug Trace

Specifies whether SSL debug tracing should be enabled during the connection. Debug tracing provides more detailed messages than standard tracing.

Verify Host Name

Specifies whether to verify that the host you are connecting to is the expected host. The host name in the host’s digital certificate is compared against the value you specify in the Expected Host Name field. If the host name does not match the expected host name, the connection is refused.

Expected Host Name

Specifies the name of the host you are expecting to connect to. This field is only relevant if the Verify Host Name field is also checked.

If the name of the host in the host’s digital certificate does not match the value specified in this field, the connection is refused.

This prevents other hosts from attempting to impersonate the specified host.

Strong Cipher Suites Only

When checked, the minimum strength of the cipher suites that can be used is set by the bw.plugin.security.strongcipher.minstrength custom engine property. For more information about this property, see TIBCO ActiveMatrix BusinessWorks™ Administration. The default value of the property disables cipher suites with an effective key length below 128 bits.

When this field is unchecked, only cipher suites with an effective key length of up to 128 bits can be used.
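
The two checks described above (the Basic tab's match against the trusted certificates, and the Advanced tab's Verify Host Name / Expected Host Name comparison) can be rehearsed with OpenSSL before the values are entered in the dialog. This is an added example, not TIBCO code and not how BusinessWorks implements the checks; the function names, file layout and host names are hypothetical, the certificates are constructed throwaways, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not TIBCO code). Function names, paths and host names are
# hypothetical; the certificates are constructed throwaways.

# check_server_cert CERT TRUST_DIR EXPECTED_HOST
# Prints ok, untrusted or hostname-mismatch; returns 0 only for ok.
check_server_cert() {
  cert=$1 trust_dir=$2 expected=$3
  bundle=$(mktemp) || return 3
  # Assumption: the trusted folder holds PEM files; each is a trust anchor.
  cat "$trust_dir"/*.pem > "$bundle"
  if ! openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
    rm -f "$bundle"; echo untrusted; return 1
  fi
  rm -f "$bundle"
  # Compare the name in the certificate with the expected host name.
  if openssl x509 -in "$cert" -noout -checkhost "$expected" |
       grep -q 'does match certificate'; then
    echo ok; return 0
  fi
  echo hostname-mismatch; return 2
}

# make_self_signed OUT_PEM COMMON_NAME: constructed one-day certificate.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "${1%.pem}.key" -out "$1" 2>/dev/null
}

# Demo: a trusted broker certificate, and a second certificate that reuses
# the same name but was never imported into the trusted folder.
work=$(mktemp -d)
mkdir "$work/trusted"
make_self_signed "$work/trusted/broker.pem" broker.example.test
make_self_signed "$work/rogue.pem" broker.example.test
check_server_cert "$work/trusted/broker.pem" "$work/trusted" broker.example.test || true
check_server_cert "$work/trusted/broker.pem" "$work/trusted" other.example.test || true
check_server_cert "$work/rogue.pem" "$work/trusted" broker.example.test || true
rm -rf "$work"
```

The third call shows why the trusted-certificate match matters even when the name is right: a certificate that merely carries the expected host name is still reported as untrusted.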