Configuring SSL in the Server
To use SSL, each instance of tibemsd must have a digital certificate and a private key. The server can optionally require a certificate chain or trusted certificates.
Set the server to listen for SSL connections from clients by using the listen parameter in tibemsd.conf. To specify that a port accept SSL connections, specify the SSL protocol in the listen parameter as follows:
listen = ssl://localhost:7243
SSL Parameters
Several SSL parameters can be set in tibemsd.conf. The minimum configuration requires only one parameter: ssl_server_identity. However, if the server’s certificate file does not contain its private key, then you must also specify the key in ssl_server_key.
SSL Server Parameters provides a complete description of the SSL parameters that can be set in tibemsd.conf.
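As an added example (not from the TIBCO documentation), the following Python pre-flight check tests a tibemsd.conf for the minimum configuration described above: an ssl:// listen port, ssl_server_identity, and ssl_server_key when the identity file carries no private key. It assumes `#` starts a comment, a PEM-encoded identity file, and paths relative to a `base_dir` argument; the function names and sample file names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Matches PRIVATE KEY, RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY, ...
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----")

def parse_conf(text):
    """Parse 'name = value' lines (assumption: '#' starts a comment)."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params.setdefault(name.strip(), []).append(value.strip())
    return params

def check_ssl_conf(conf_text, base_dir="."):
    """Return a list of problems with the minimum SSL configuration."""
    params = parse_conf(conf_text)
    problems = []
    if not any(v.startswith("ssl://") for v in params.get("listen", [])):
        problems.append("no listen parameter uses the ssl:// protocol")
    identity = params.get("ssl_server_identity")
    if not identity:
        problems.append("ssl_server_identity is not set")
        return problems
    path = Path(base_dir, identity[-1])
    if not path.is_file():
        problems.append(f"identity file not found: {path}")
        return problems
    pem = path.read_text(errors="replace")
    if not CERT_RE.search(pem):
        problems.append("identity file is not PEM; key presence not checked")
    elif not KEY_RE.search(pem) and "ssl_server_key" not in params:
        problems.append("identity has no private key and ssl_server_key is not set")
    return problems

def demo():
    """Check two constructed configs against a constructed placeholder cert."""
    with tempfile.TemporaryDirectory() as d:
        cert = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
        Path(d, "server.cert.pem").write_text(cert)
        conf = "listen = ssl://localhost:7243\nssl_server_identity = server.cert.pem\n"
        return check_ssl_conf(conf, d), check_ssl_conf(conf + "ssl_server_key = server.key.pem\n", d)

if __name__ == "__main__":
    print(demo())
```

The check only confirms that ssl_server_key is present when it is needed; it does not verify that the key file exists or matches the certificate.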
Command Line Options
The server accepts a few command-line options for SSL.
When starting tibemsd, you can specify the following options:
-ssl_trace—enables tracing of loaded certificates. This prints a message to the console during startup of the server that describes each loaded certificate.
-ssl_debug_trace—enables more detailed SSL tracing for debugging only; it is not for use in production systems.
-ssl_password—specifies the private key password. Alternatively, you can specify this password in the ssl_server_password parameter in tibemsd.conf. If you do not supply a password using either of these methods, tibemsd will prompt for the password when it starts. For more information, see the description of the ssl_password configuration parameter.