Configuring the EMS Server for SSL

After importing the certificates, you have to configure the EMS server to use SSL to secure the communication between the EMS server and client.

See the TIBCO Enterprise Message Service User’s Guide for more details on how to configure SSL. Follow this procedure when modifying the tibemsd.conf configuration file.

Prerequisites

The samples in the EMI_HOME/sample/certs directory on IBM i are compatible with the sample certificates in the sample/certs directory of EMS 8.6.0 servers on other platforms. This procedure refers to this directory on the TIBCO EMS server as EMS_CERTS.

Procedure

  1. To specify the port on which to listen for SSL connections, add the following listen parameter to the EMS server configuration file :
    listen = ssl://url-id1:7243
  2. Configure the EMS server to use the server certificate that can be authenticated by IBM i:
    ssl_server_identity = EMS_CERTS/server.cert.pem
  3. Configure the private key and password for the EMS server:
    ssl_server_key = EMS_CERTS/server.key.pem
    ssl_password = password
  4. Configure the EMS server to trust the client certificate that is sent from IBM i:
    ssl_server_trusted = EMS_CERTS/client_root.cert.pem

What to do next

After configuring SSL, start the EMS server and verify that the server is active and listening on the secure socket port.