Configuring EMS over SSL on Application Servers
To configure EMS over SSL, configure the application servers and then specify the values for the TIBCO EMS configuration properties in Configurator.
Procedure
-
Configuring WebSphere Application Server
- Stop the application server.
- Copy the following JAR files from $EMS_HOME/lib to $WAS_HOME/lib/ext folder:
-
Configuring JBoss WildFly Application Server
- Create a module with name as com.tibco.mdm in JBoss WildFly application server - 10.1.x version. For more information on creating module, see Module Creation.
- Copy the following JAR files in this module (inside main directory) from $EMS_HOME/lib
- Copy the following JAR files in this module. The JAR files are available in the classpath of the JBoss WildFly application server or in JAVA_HOME\jre\lib directory:
-
Update the
module.xml file as follows:
<module xmlns="urn:jboss:module:1.3" name="com.tibco.mdm"> <resources> <resource-root path="tibcrypt.jar"/> <resource-root path="slf4j-api-1.4.2.jar"/> <resource-root path="slf4j-simple-1.4.2.jar"/> <!-- if these 2 JARS copied in the module then add --> <resource-root path="jsse.jar"/> <resource-root path="jce.jar"/> </resources> <dependencies> <module name="javax.api" /> <module name="javax.jms.api" /> <module name="javax.resource.api" /> <!-- These are required for EMS with SSL --> <system export="true"> <paths> <path name="sun/security/ssl" /> <path name="com/sun/net/ssl/internal/ssl" /> <path name="sun/security/util" /> <path name="sun/security/validator" /> <path name="sun/security/provider" /> <path name="javax/net/ssl" /> <path name="sun/net/www/protocol/https" /> </paths> </system> </dependencies> -
Add the global module in subsystem section
<subsystem xmlns="urn:jboss:domain:ee:4.0"> in
JBOSS_HOME/standalone/configuration/standalone.xml.
<subsystem xmlns="urn:jboss:domain:ee:4.0"> <global-modules> <module name="com.tibco.mdm" slot="main"/> </global-modules> </subsystem>OR
Add a dependency in jboss-deployment-structure.xml in ECM.ear/META-INF in dependency section:
<dependencies> <system export="true"> <paths> <path name="com/sun/net/ssl/internal/ssl" /> </paths> </system> <module name="com.tibco.mdm"/> </dependencies> -
Add the following in the JVM arguments in
$JBOSS_HOME/bin/standalone.conf.bat
Dcom.tibco.tibjms.ssl.enable_verify_host_name=false Dcom.tibco.tibjms.ssl.enable_verify_host=true Dcom.tibco.tibjms.ssl.expected_hostname=server Dcom.tibco.tibjms.ssl.trusted=$EMS_HOME/samples/certs/server_ root.cert.pem
-
Configuring TIBCO MDM
- Log on to Configurator.
-
Navigate to
Queue Setup > Messaging Cluster > TIBCO EMS.
Change the value of Localhost Server Connection String property to ssl://hostname:portno
-
Navigate to
Bus Setup > Cluster > TIBCO EMS.
Change the value of Localhost Server Connection String property to ssl://hostname:portno
- Navigate to InitialConfig > Member1 > Security Provider > IBM
-
Add the following in the JVM arguments:
Dcom.tibco.tibjms.naming.security_protocol=ssl Djsse.providerClass=com.ibm.jsse2.IBMJSSEProvider2 Dcom.tibco.tibjms.ssl.expected_hostname=server Dcom.tibco.tibjms.ssl.enable_verify_host_name=false Dcom.tibco.tibjms.ssl.enable_verify_host=false Dcom.tibco.tibjms.ssl.trusted=/local/vsadmin/server_root.cert.pem (you can copy this out-of-box certificate from $EMS_HOME/samples/certs folder)
- Start the application server.
-
Log on to TIBCO MDM.
TIBCO MDM starts running on SSL.
Copyright © Cloud Software Group, Inc. All rights reserved.