Configuring Web Service Task For JMS-SSL

You can configure a Web Service task to execute a remote service which is SSL enabled using JMS transport.

Procedure

  1. Select Web Service task in the process.
  2. Select the Transport tab under Properties.
  3. Verify the JMS and JNDI parameters are correctly configured.
  4. Select the Use SSL check box to use SSL for JNDI server connection.
  5. In SSL Password, enter the password any) to be used to connect to JNDI server.
  6. Click the Configure SSL button and configure the following SSL parameters:
    JMS SSL Configuration Parameters
    Field Description
    Trusted Certificates Folder Specifies the folder in the project containing one or more certificates from trusted certificate authorities. This folder is checked to ensure trusted connection with server. This prevents connections to rogue servers that attempt to impersonate trusted servers.
    Identity Specifies an Identity resource that contains the client’s digital certificate and private key.

    See TIBCO Designer Palette Reference for more information.
    Trace Specifies whether SSL tracing is enabled during the connection. If checked, the SSL connection messages are logged and sent to the console.
    Debug Trace Specifies whether SSL debug tracing is enabled during the connection. Debug tracing provides more detailed messages than standard tracing.

    If checked, the SSL connection (debug level trace) messages are logged and sent to the console
    Verify Host Name When checked, this field is used to ensure that the host name of the SOAP server is checked against the host name listed in the server’s digital certificate. This provides additional verification that the host name you are connecting to is in fact the desired host.

    If the host name specified in the Endpoint URL field on the Transport tab is not an exact match to the host name specified in the server’s digital certificate, the connection is refused.

    Note: If you specify an equivalent hostname (for example, an IP address) in the Endpoint URL field on the Transport tab, but the name is not an exact match of the hostname in the host’s digital certificate, the connection is refused.
    Expected Host Name Specifies the name of the host you are expecting to connect to. This field is relevant only if the Verify Host Name field is checked.

    If the name of the host in the host’s digital certificate does not match the value specified in this field, the connection is refused.

    This prevents hosts from attempting to impersonate the host you are expecting to connect to.
    Strong Cipher Suites Only When checked, this field specifies that the minimum strength of the cipher suites used can be specified with the bw.plugin.security.strongcipher.minstrength custom engine property.

    See TIBCO ActiveMatrix BusinessWorks Administration for more information.

    The default value of the property disables cipher suites with an effective key length less than 128 bits.

    When this field is unchecked, only cipher suites with an effective key length of up to 128 bits can be used.
  7. Save the project.