Configure SSL
The SSL Configuration button allows you to configure the SSL connection parameters.
ssl_identity and ssl_verify_host must be specified in the factories.conf file of the Enterprise Message Service server.
The following table describes the SSL Configuration dialog.
Field | Description |
---|---|
Trusted Certificates Folder | Location of the trusted certificates on this machine. The trusted certificates are a collection of certificates from the servers to which you will establish connections. If the server you wish to connect to presents a certificate that does not match one of your trusted certificates, the connection is refused. This prevents connections to unauthorized servers. Trusted certificates must be imported into a folder, and then you can select the folder in this field. |
Identity | The location of the client certificate. You only need to specify the client certificate when the JMS server requires client authentication. See Identity Resource Reference for more information. |
Trust Store Password | Specifies the password for the truststore. Note: There are no restrictions on the password that you use. Do not leave this field empty. |
Trace | Specifies whether SSL tracing should be enabled during the connection. If selected, the SSL connection messages are logged and sent to the console. |
Debug Trace | Specifies whether SSL debug tracing should be enabled during the connection. Debug tracing provides more detailed messages than standard tracing. |
Verify Host Name | Specifies whether you wish to verify that the host you are connecting to is the expected host. The host name in the host’s digital certificate is compared against the value you supply in the Expected Host Name field. If the host name does not match the expected host name, the connection is refused. Note: The default context factories for TIBCO Enterprise Message Service automatically determine if host name verification is necessary. If you are using a custom implementation of the context factories, your custom implementation must explicitly set the verify host property to the correct value. For example: com.tibco.tibjms.TibjmsSSL.setVerifyHost(false) |
Expected Host Name | Specifies the name of the host you are expecting to connect to. This field is only relevant if the Verify Host Name field is also selected. If the name of the host in the host’s digital certificate does not match the value specified in this field, the connection is refused. This prevents hosts from attempting to impersonate the host you are expecting to connect to. |
Strong Cipher Suites Only | When selected, this field specifies that the minimum strength of the cipher suites used can be specified with the bw.plugin.security.strongcipher.minstrength custom engine property. See TIBCO ActiveMatrix BusinessWorks Administration for more information about this property. The default value of the property disables cipher suites with an effective key length below 128 bits. When this field is not selected, only cipher suites with an effective key length of up to 128 bits can be used. |
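
The requirement at the top of this page, that ssl_identity and ssl_verify_host be specified in factories.conf, can be checked with a short script. The following is an added example, not TIBCO code. It assumes the file uses `[factory name]` headers, `key = value` lines and `#` comment lines, that SSL factories have a `url` containing `ssl://`, and that ssl_verify_host takes the values `enabled` or `disabled`; the sample file contents are constructed.

```python
import re

REQUIRED = ("ssl_identity", "ssl_verify_host")  # the two properties named on this page

# Constructed sample, not from a real server; file layout is an assumption.
SAMPLE_CONF = """\
# constructed sample
[SSLQueueFactory]
  url = ssl://emshost.example:7243
  ssl_identity = certs/client_identity.p12
  ssl_verify_host = enabled
[SSLTopicFactory]
  url = ssl://emshost.example:7243
  ssl_verify_host = disabled
[PlainFactory]
  url = tcp://emshost.example:7222
"""

def parse_factories(text):
    """Return {factory_name: {key: value}} from factories.conf-style text."""
    factories, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = factories.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return factories

def audit(text):
    """List (factory, finding) pairs for factories whose url uses ssl://."""
    findings = []
    for name, props in parse_factories(text).items():
        if "ssl://" not in props.get("url", "").lower():
            continue  # not an SSL factory, so the SSL properties do not apply
        for key in REQUIRED:
            if not props.get(key):
                findings.append((name, f"missing {key}"))
        if props.get("ssl_verify_host", "").lower() == "disabled":
            findings.append((name, "ssl_verify_host is disabled"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONF):
        print(f"{name}: {finding}")
```

To check a real file, pass its contents to `audit()` in place of `SAMPLE_CONF`.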