Chapter 7 Integrating With IBM WebSphere Application Server Version 6.1 : Modify the Samples to Use SSL Communications

Modify the Samples to Use SSL Communications
This section describes how to modify the above samples to use SSL communications between the TIBCO Enterprise Message Service server and WebSphere application server and client container. This section assumes you have already set up and run the samples over unencrypted connections, as detailed in the previous sections.
Enable SSL in the TIBCO Enterprise Message Service Server
This section describes the steps that enable SSL in the tibemsd server.
1.
In EMS_HOME\bin\tibemsd.conf, add the following lines:
   listen = ssl://localhost:7243
   
   ssl_server_identity = certs/server.cert.pem
   ssl_server_key = certs/server.key.pem
   ssl_password = password
   
   listen = tcp://localhost:7222
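These lines explicitly set the TCP and SSL listen ports and specify the three required server-side SSL parameters: identity, private key, and password. Because the tcp listener on port 7222 is still configured, the server continues to accept unencrypted connections on that port alongside SSL connections on port 7243.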
2.
3.
Start the TIBCO EMS server with the -ssl_debug_trace option:
   > tibemsd -ssl_debug_trace
See Starting the EMS Server in the TIBCO Enterprise Message Service User’s Guide for more information.
When the server restarts, you should see messages like the following in the console window, confirming that SSL is enabled:
2008-06-11 13:48:34 Secure Socket Layer is enabled.
2008-06-11 13:48:34 Accepting connections on ssl://localhost:7243.
2008-06-11 13:48:34 Accepting connections on tcp://localhost:7222.
Create JNDI Names for the SSL Queue and Topic Connection Factories
TIBCO Enterprise Message Service is pre-configured with a sample SSL queue connection factory and a sample SSL topic connection factory. This step creates new JNDI names for the sample connection factories; these names are then used throughout the rest of this section.
1.
Verify that the SSL connection factories exist by starting the tibemsadmin tool and entering the command show factories. The names SSLTopicConnectionFactory and SSLQueueConnectionFactory should be among the names displayed.
2.
> create jndiname sample.SSLTCF jndiname SSLTopicConnectionFactory
> create jndiname sample.SSLQCF jndiname SSLQueueConnectionFactory
Add Additional SSL JNDI Properties to WebSphere
Locate the jndi.properties file in the WebSphere installation directory:
<installation_directory>\properties\jndi.properties
If it does not already exist, create a text file called jndi.properties in that directory.
Edit the jndi.properties file to add the following lines:
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.naming.ssl_vendor=j2se-default
These properties specify that the "SSL" protocol should be used for JNDI lookups, and that host verification is turned off (the JMS client will trust any host).
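The settings above are suitable for getting the samples running, but three of them relax transport security: the tcp listener left in tibemsd.conf, the private-key password stored in that file, and ssl_enable_verify_host=false. The following Python script is an added example, not part of the TIBCO documentation; it audits both files for those settings. The function names and finding labels are hypothetical, and the file contents are constructed from the lines shown on this page.

```python
# Constructed samples that mirror the settings shown on this page.
TIBEMSD_CONF = """\
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
"""
JNDI_PROPERTIES = """\
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.naming.ssl_vendor=j2se-default
"""

def parse_pairs(text):
    """Parse 'key = value' lines; keep duplicates (tibemsd.conf repeats 'listen')."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(conf_text, jndi_text):
    """Return (file, finding, detail) tuples for settings that weaken SSL."""
    findings = []
    conf = parse_pairs(conf_text)
    listens = [v for k, v in conf if k == "listen"]
    if not any(v.lower().startswith("ssl://") for v in listens):
        findings.append(("tibemsd.conf", "no-ssl-listener", ""))
    for v in listens:
        if v.lower().startswith("tcp://"):  # unencrypted port is still open
            findings.append(("tibemsd.conf", "plaintext-listener", v))
    if any(k == "ssl_password" and v for k, v in conf):
        # The private-key password sits in the file; report the key, not the value.
        findings.append(("tibemsd.conf", "key-password-in-file", "ssl_password"))
    jndi = dict(parse_pairs(jndi_text))
    if jndi.get("com.tibco.tibjms.naming.security_protocol", "").lower() != "ssl":
        findings.append(("jndi.properties", "jndi-lookup-not-ssl", ""))
    if jndi.get("com.tibco.tibjms.naming.ssl_enable_verify_host", "").lower() == "false":
        # With host verification off, the JMS client trusts any host.
        findings.append(("jndi.properties", "host-verification-disabled", "false"))
    return findings

if __name__ == "__main__":
    print(*audit(TIBEMSD_CONF, JNDI_PROPERTIES), sep="\n")
```

Run against the page's sample settings, the audit reports the plaintext listener, the in-file key password, and the disabled host verification.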
Configure SSL Communications Between the Application Server and the TIBCO Enterprise Message Service Server
This procedure adds the additional jar files required for SSL to the CLASSPATH. It also modifies the external provider URL and the external JNDI name properties of the TIBCO JMS provider within the application server.
This causes the application server to connect to the SSL port on the TIBCO Enterprise Message Service server for JNDI lookups of administered objects. Additionally, the connection factory external JNDI names are modified to specify SSL connection factories (connection factories that create SSL-based connections).
1.
From the WebSphere Administrative Console, expand Resources > JMS > JMS providers and choose TIBCO in the content pane.
2.
Add the following lines to the Class path property value:
   EMS_HOME\jar\tibjms.jar
   EMS_HOME\jar\TIBCrypt.jar
3.
Change the port number of the External Provider URL property from tibjmsnaming://localhost:7222 to:
   tibjmsnaming://localhost:7243
4.
Click the OK button.
Configure the Topic Connection Factory
5.
In the WebSphere navigation pane, choose Resources > JMS > Topic connection factories.
6.
Select TIBCOConnectionFactory1.
This is the connection factory created in Create a Topic Connection Factory.
7.
8.
Click the OK button.
Configure the Queue Connection Factory
9.
In the WebSphere navigation pane, choose Resources > JMS > Queue connection factories.
10.
Select TIBCOConnectionFactory2.
This is the connection factory created in Create a Queue Connection Factory.
11.
12.
Click the OK button.
13.
Click Save.
14.
Run the Samples Application Clients
Run the samples application client again:
1.
From the EMS_HOME\samples\java directory, type the command:
> java tibjmsTopicPublisher -server ssl://localhost:7243 -topic sample.weather "hello world"
2.
From the EMS_HOME\samples\java directory, type the command:
> java tibjmsQueueSender -server ssl://localhost:7243 -queue sample.Q1 "hello world 2"
3.
Open the WebSphere application server log, located in <installation_directory>\logs\<your server>\SystemOut.log, and verify that the WebSphere MDB consumed the sent messages.