Create Connection Factories for Secure Connections

This topic describes how to create a static connection factory for establishing a TLS connection.

Similar TLS parameters must be used when looking up the connection factory, as described in Perform Secure Lookups.

Connections that are to be secured using TLS identify the transport protocol as ’ssl’ and may include any number of the TLS configuration parameters listed in TLS Server Parameters.

For example, to create a generic connection factory, named mySecureFactory, that establishes a TLS connection to port 7243 on server1, start the EMS Administration Tool and enter: 

create factory mySecureFactory generic URL=ssl://server1:7243

To create a factory to set up a generic connection and check the server's certificate to confirm the name of the server is myServer, enter (all one line): 

create factory MySSLFactory generic url=ssl://7243 ssl_verify_host=enabled ssl_expected_hostname=myServer ssl_trusted=certs/server_root.cert.pem

To create a factory to set up a topic connection, check the server's certificate (but not the name inside the certificate), and to set the ssl_auth_only parameter so that TLS is only used by the client when creating the connection, enter (all one line): 

create factory AnotherSSLFactory topic url=ssl://7243 ssl_verify_host=enabled ssl_verify_hostname=disabled ssl_trusted=certs/server_root.cert.pem ssl_auth_only=enabled
Note: These samples assume that the certificate server_root.cert.pem is located in "certs" subdirectory of the directory where the server is running.

See TLS Protocol for details.