Chapter 8 Integrating With IBM WebSphere Application Server Version 5 : Modify the Samples to Use SSL Communications

Modify the Samples to Use SSL Communications
This section describes how to modify the above samples to use SSL communications between the TIBCO Enterprise Message Service server and the WebSphere application server and client container. This section assumes you have already set up and run the samples over unencrypted connections, as detailed in the previous sections.
Enable SSL in the TIBCO Enterprise Message Service Server
In C:\tibco\EMS\bin\tibemsd.conf, add the following lines:
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
These lines explicitly set the tcp and ssl listen ports and specify the three required server-side SSL parameters: identity, private key, and password.
Save the file, then stop and restart the TIBCO Enterprise Message Service server. When it restarts, you should see messages like the following in the console window, confirming that SSL is enabled:
2003-01-13 13:48:34 Secure Socket Layer is enabled.
2002-01-13 13:48:34 Accepting connections on ssl://localhost:7243.
2002-01-13 13:48:34 Accepting connections on tcp://localhost:7222.
Create JNDI Names for the SSL Queue and Topic Connection Factories
TIBCO Enterprise Message Service is pre-configured with a sample SSL queue and topic connection factory. This step creates new JNDI names for the sample connection factories, which are then used throughout the rest of this section.
1. Verify that the SSL connection factories exist by starting the tibemsadmin tool and entering the command show factories. The names SSLQueueConnectionFactory and SSLTopicConnectionFactory should be among the names displayed.
2.
> create jndiname sample.SSLQCF jndiname SSLQueueConnectionFactory
> create jndiname sample.SSLTCF jndiname SSLTopicConnectionFactory
Add the Additional SSL JNDI Properties to WebSphere
Edit the jndi.properties file created in Configure WebSphere for the TIBCO Enterprise Message Service JNDI Provider and add the following lines:
 
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
These properties specify that the "SSL" protocol should be used for JNDI lookups, and that host verification is turned off (the JMS client will trust any host).
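As an added example (not part of the TIBCO documentation), the following Python script audits the tibemsd.conf and jndi.properties lines shown above for the settings that weaken the SSL setup: the tcp listener that stays open beside the ssl one, the private-key password kept in the file, and disabled host verification. The function names are hypothetical and the embedded file contents are constructed from the lines on this page.

```python
# Constructed samples: the configuration lines shown in this section.
TIBEMSD_CONF = """\
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
"""

JNDI_PROPERTIES = """\
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
"""

def parse_pairs(text):
    """Return (key, value) pairs from 'key = value' lines, keeping repeated keys."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def audit_server(conf_text):
    """Findings for tibemsd.conf (hypothetical helper, not a TIBCO tool)."""
    pairs = parse_pairs(conf_text)
    listens = [v for k, v in pairs if k == "listen"]
    findings = []
    if not any(v.startswith("ssl://") for v in listens):
        findings.append("no ssl:// listener configured")
    for v in listens:
        if v.startswith("tcp://"):
            findings.append(f"cleartext listener still enabled: {v}")
    if any(k == "ssl_password" for k, _ in pairs):
        findings.append("ssl_password is in this file in cleartext; restrict read access")
    return findings

def audit_jndi(props_text):
    """Findings for the JNDI client properties added in this section."""
    props = dict(parse_pairs(props_text))
    prefix = "com.tibco.tibjms.naming."
    findings = []
    if props.get(prefix + "security_protocol", "").lower() != "ssl":
        findings.append("JNDI lookups are not set to use ssl")
    if props.get(prefix + "ssl_enable_verify_host", "").lower() == "false":
        findings.append("host verification disabled: client trusts any host")
    return findings
```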
 
Configure SSL Communications Between the Application Server and the TIBCO Enterprise Message Service Server
This procedure adds the additional jar files required for SSL to the CLASSPATH. It also modifies the external provider URL and the external JNDI name properties of the TIBCO JMS provider within the application server.
This causes the application server to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects. Additionally, the connection factory external JNDI names are modified to specify SSL connection factories (connection factories that create SSL-based connections).
1. From the WebSphere Administrative Console, expand Resources > Generic JMS Providers and choose TIBCO in the content pane.
2. Add the following line to the Classpath property value:
   EMS_HOME\jar\tibcrypt.jar
3. Change the port number of the External Provider URL property from 7222 to 7243.
4. Click the Apply button.
5. In the content pane under Additional Properties, choose JMS Connection Factories.
6. Choose TIBCO Connection Factory.
7. For the External JNDI Name property value, add port 7243 after the host specification and change the name of the factory that is looked up to sample.SSLQCF.
   That is, change tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.
8. Click the OK button.
9. Repeat the above steps for TIBCO Connection Factory1, changing tibjmsnaming://localhost/sample.TCF to tibjmsnaming://localhost:7243/sample.SSLTCF.
10. Navigate to Generic JMS Providers > TIBCO.
11. Choose JMS Destinations.
12. Modify the External JNDI Name value for each of the destinations to specify port 7243.
13. Click the Save button on the task bar of the Administrative Console (and Save again to confirm).
14.
Configure SSL Communications between the Point-to-Point Sample MDB and the TIBCO Enterprise Message Service Server
This procedure modifies the resource reference and the resource environment references of the point-to-point sample MDB. This causes the sample point-to-point MDB to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects.
Additionally, the connection factory external JNDI name is modified to specify an SSL connection factory (a connection factory that creates SSL-based connections).
1.
2. Open the MDBSamples.ear file located in the <install_root>/AppServer/samples/lib/MessageDrivenBeans directory.
3. Expand EJBModules > PtoPSampleMDB.jar > Message Driven Beans > PtoPSampleMDB.
4. Choose Resource References. The name JMS/SamplePPQCF should appear in the content pane.
5. Click the Bindings tab.
6. Change the value of JNDI Name from tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.
7. Click the Apply button.
8. In the navigation pane, choose Resource Environment References. The name JMS/SampleOutputQueue should appear in the content pane.
9. Click the Bindings tab.
10. Change the value of JNDI Name from tibjmsnaming://localhost/sample.Q2 to tibjmsnaming://localhost:7243/sample.Q2.
11. Click the Apply button.
12. Choose File > Save from the menu.
Configure SSL Communications between the Application Client and the TIBCO Enterprise Message Service Server
1. In the Application Assembly Tool, expand MDBSamples > Application Clients > PSSampleClient > Resource Environment References.
2. In the content pane, choose jms/news and then click the Bindings tab.
3. Change the value of the JNDI name from tibjmsnaming://localhost/sample.news to tibjmsnaming://localhost:7243/sample.news.
4. Click the Apply button.
5.
6. Expand MDBSamples > Application Clients > PtoPSampleClient > Resource Environment References.
7. In the content pane, choose jms/Q1 and click the Bindings tab.
8. Change the value of the JNDI name from tibjmsnaming://localhost/sample.Q1 to tibjmsnaming://localhost:7243/sample.Q1.
9. Click the Apply button.
10.
11.
12.
13.
   <install_root>\AppServer\bin>clientConfig
14. Open the MDBSamples.ear file located in the <install_root>/AppServer/samples/lib/MessageDrivenBeans directory.
15. Expand PSSampleClient.jar > JMS Providers.
16. Right-click on TIBCO and select Properties.
17.
   EMS_HOME\jar\tibcrypt.jar
18. Change the value of the Provider URL property from tibjmsnaming://localhost:7222 to tibjmsnaming://localhost:7243.
19. Click the OK button.
20. Expand PSSampleClient.jar > JMS Providers > TIBCO > JMS Connection Factories.
21. Right-click on TIBCOConnectionFactory1 and select Properties.
22. Change the value of the External JNDI Name property from tibjmsnaming://localhost/sample.TCF to tibjmsnaming://localhost:7243/sample.SSLTCF.
23. Click the OK button.
24. Repeat the above steps for PtoPSampleClient.jar, again appending to the Class Path:
   EMS_HOME\jar\tibcrypt.jar
   Change tibjmsnaming://localhost:7222 to tibjmsnaming://localhost:7243.
   Also change tibjmsnaming://localhost/sample.QCF to tibjmsnaming://localhost:7243/sample.SSLQCF.
25. Save the EAR file by choosing File > Save from the menu.
26. Close the MDBSamples.ear file.
27.
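Because tibemsd.conf keeps the tcp listener on port 7222 enabled, a binding missed in the procedures above keeps working over an unencrypted connection and nothing fails to reveal it. The following Python check is an added example, not part of the TIBCO documentation: it flags tibjmsnaming:// values that do not name port 7243 or that still look up a non-SSL factory. The function names are hypothetical and the binding list is constructed to resemble a partly completed edit.

```python
from urllib.parse import urlsplit

SSL_PORT = 7243  # ssl:// listener configured in tibemsd.conf on this page
# Plain factory -> SSL factory, using the JNDI names created in this section
SSL_FACTORY_FOR = {"sample.QCF": "sample.SSLQCF", "sample.TCF": "sample.SSLTCF"}

# Constructed sample: bindings as they might look after an incomplete edit
BINDINGS = {
    "TIBCO Connection Factory": "tibjmsnaming://localhost:7243/sample.SSLQCF",
    "TIBCO Connection Factory1": "tibjmsnaming://localhost/sample.TCF",
    "JMS/SamplePPQCF": "tibjmsnaming://localhost:7243/sample.QCF",
    "JMS/SampleOutputQueue": "tibjmsnaming://localhost:7243/sample.Q2",
    "jms/Q1": "tibjmsnaming://localhost:7222/sample.Q1",
}

def check_binding(url):
    """Return the problems found in one tibjmsnaming:// binding value."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return ["malformed URL or port"]
    if parts.scheme != "tibjmsnaming":
        return ["not a tibjmsnaming:// URL"]
    problems = []
    if port is None:
        problems.append(f"no port given, so the lookup does not name SSL port {SSL_PORT}")
    elif port != SSL_PORT:
        problems.append(f"port {port} is not the SSL listener ({SSL_PORT})")
    name = parts.path.lstrip("/")
    if name in SSL_FACTORY_FOR:
        # Looked up over SSL or not, this factory creates non-SSL connections.
        problems.append(f"non-SSL factory {name}; expected {SSL_FACTORY_FOR[name]}")
    return problems

def audit_bindings(bindings):
    """Map each binding that still needs editing to its list of problems."""
    report = {}
    for ref, url in bindings.items():
        problems = check_binding(url)
        if problems:
            report[ref] = problems
    return report

if __name__ == "__main__":
    for ref, problems in audit_bindings(BINDINGS).items():
        print(f"{ref}: {'; '.join(problems)}")
```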
Update the Deployed Application on the Server
Follow the same procedure to update the deployed application on the server as in the previous section.
Run the Samples Application Client
Run the samples application client again. You should see the same results.