SSL Configuration
The SSL Configuration button allows you to configure the SSL connection parameters. The SSL Configuration dialog specifies the basic and advanced SSL parameters you can set for the JMS server you are connecting to.
ssl_identity and ssl_verify_host must be specified in the factories.conf file of the Enterprise Message Service server.
The following sections describe the SSL Configuration dialog.
Basic
The Basic tab of the SSL Configuration dialog allows you to specify the simplest required SSL configuration parameters for the connection.
Field | Description |
Trusted Certificates Folder | Location of the trusted certificates on this machine. The trusted certificates are a collection of certificates from servers to which you establish connections. If the server you want to connect to presents a certificate that does not match one of your trusted certificates, the connection is refused. This prevents connections to unauthorized servers. Trusted certificates must be imported into a folder, and then you can select the folder in this field. |
Identity | The location of the client certificate. This is a resource contained in the General palette. Specify the client certificate and Identity field when the JMS server requires client authentication. For more information, see TIBCO Designer™ Palette Reference. |
Advanced
The Advanced tab of the SSL Configuration dialog allows you to specify more advanced SSL configuration parameters for the connection.
Field | Description |
Trace | Specifies whether SSL tracing should be enabled during the connection. If checked, the SSL connection messages are logged and sent to the console. |
Debug Trace | Specifies whether SSL debug tracing should be enabled during the connection. Debug tracing provides more detailed messages than standard tracing. |
Verify Host Name | Specifies whether you want to verify that the host you are connecting to is the expected host. The host name in the host’s digital certificate is compared against the value you supply in the Expected Host Name field. If the host name does not match the expected host name, the connection is refused. Note: The default context factories for TIBCO Enterprise Message Service automatically determine if host name verification is necessary. If you are using a custom implementation of the context factories, your custom implementation must explicitly set the verify host property to the correct value. For example: com.tibco.tibjms.TibjmsSSL.setVerifyHost(false) |
Expected Host Name | Specifies the name of the host you are expecting to connect to. This field is only relevant if the Verify Host Name field is also checked. If the name of the host in the host’s digital certificate does not match the value specified in this field, the connection is refused. This prevents hosts from attempting to impersonate the host you are expecting to connect to. |
Strong Cipher Suites Only | When checked, this field specifies that the minimum strength of the cipher suites used can be specified with the When this field is unchecked, only cipher suites with an effective key length of up to 128 bits can be used. |
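The requirement stated at the top of this page, that ssl_identity and ssl_verify_host be specified in factories.conf, can be checked mechanically before a connection fails at run time. The Python script below is an added example, not TIBCO code. It assumes the file uses [factory-name] headers followed by key = value lines, that # starts a comment, and that SSL factories are those whose url contains ssl://; the sample file content is constructed.

```python
import re

REQUIRED = ("ssl_identity", "ssl_verify_host")  # the two parameters named on this page

# Constructed sample, not taken from a real server. Host names, ports, paths
# and the "enabled" values are illustrative only.
SAMPLE_CONF = """\
# constructed factories.conf sample
[PlainFactory]
  url = tcp://emshost.example:7222
[SSLComplete]
  url = ssl://emshost.example:7243
  ssl_identity = certs/client_identity.p12
  ssl_verify_host = enabled
[SSLNoIdentity]
  url = ssl://emshost.example:7243
  ssl_verify_host = enabled   # identity line forgotten
[SSLBare]
  url = tcp://emshost.example:7222,ssl://emshost.example:7243
"""

def parse_factories(text):
    """Return {factory_name: {key: value}} from factories.conf-style text."""
    factories, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumed: '#' begins a comment
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = factories.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return factories

def missing_ssl_params(text):
    """Map each SSL factory to the required parameters it lacks or leaves empty."""
    report = {}
    for name, params in parse_factories(text).items():
        if "ssl://" not in params.get("url", "").lower():
            continue  # assumed: only factories with an ssl:// URL need the parameters
        gaps = [p for p in REQUIRED if not params.get(p)]
        if gaps:
            report[name] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in missing_ssl_params(SAMPLE_CONF).items():
        print(f"{name}: missing {', '.join(gaps)}")
```

The script only reports absent or empty parameters; it does not judge the values assigned to them.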