Configuring HTTPS/SSL connections between the gateway and Message Bus

If you are using an HTTPS/SSL connection between the gateway and Message Bus, you must create a truststore to store the Message Bus digital certificate and point the gateway to the location of the truststore.

Configuring SSL connections between the gateway and Message Bus consists of two tasks:
  1. Creating a client keystore file.
  2. Creating a truststore file for the target application to which the gateway is connecting.

You create a client keystore file and a truststore file by using the Java™ keytool utility. The keytool utility is located in the following directory:

$NCHOME/platform/arch/jre_directory/jre/bin/

Where:

  • arch is the operating system you are running.
  • jre_directory is the installation directory of your Java Runtime Environment (JRE).
Note: When running the gateway on a 64-bit operating system, use the Java keytool utility that is delivered with the 64-bit Java Runtime Environment (JRE).

When creating a truststore file for the target application to which the gateway is connecting, you also need to edit property values in the transport file specified in the Gate.XMLGateway.TransportFile property. The Gate.XMLGateway.TransportFile property is defined in the G_XML.props file.

The default transport file specified by the Gate.XMLGateway.TransportFile property in the G_XML.props file is $OMNIHOME/java/conf/jmsTransport.properties.

Creating a client keystore file

To create a client keystore file named client.jks and store in it a certificate for your client, run the following keytool command from the $NCHOME/platform/arch/jre_directory/jre/bin/ directory:

keytool -genkey -alias youralias -keystore $OMNIHOME/java/security/client.jks

Note: You will be prompted to create a password for the client keystore file. The keytool utility then prompts you for the details of the certificate; at each prompt, enter a value appropriate for your organization.

Creating a truststore file for the target application server to which the gateway is connecting

To create a truststore file for the target application to which the gateway is connecting, perform the following steps:

  1. Export the server certificate from the host running the target application using Mozilla Firefox:
    1. Click the lock icon in the address bar.
    2. View and export the certificate to a file (for example: xml-host.crt).

      Where:

      • xml-host: Specifies the name of a host server that is running a gateway with the HTTPS transport module.
  2. Import the server certificate to the host where the gateway is running:
    1. Copy the server certificate file to the host where the gateway is running.
    2. Run the following keytool command from the $NCHOME/platform/arch/jre_directory/jre/bin/ directory:
      keytool -import -keystore $OMNIHOME/java/security/cacerts.jks -file xml-host.crt -alias xml-host

    Where:

    • arch is the operating system you are running.
    • jre_directory is the installation directory of your Java Runtime Environment (JRE).
    • xml-host: Specifies the name of a host server that is running a gateway with the HTTPS transport module.
  3. Open the transport file specified by the Gate.XMLGateway.TransportFile property defined in the G_XML.props file and modify the following transport file properties:

    1. Set the value of the keyStore property to the full path of the keystore file. For example, if you created a keystore file in the location $OMNIHOME/java/security, then specify that path and the name of the keystore file (for example, client.jks) in the keyStore property in the httpTransport.properties file.
    2. Set the value of the trustStore property to the full path of the truststore file. For example, if you created a truststore file in the location $OMNIHOME/java/security, then specify that path and the name of the truststore file (for example, cacerts.jks) in the trustStore property in the httpTransport.properties file.
    3. Set the value of the keyStorePassword property to the password that you set for the client keystore file.
    4. Set the value of the trustStorePassword property to the password that you set for the truststore file.
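
The following script is an added example, not part of the product documentation or the gateway's own tooling. It checks a transport file after step 3: all four properties are set, keyStore and trustStore are full paths to existing files, and the file (which holds both store passwords) is not world-readable. The function names get_prop and check_transport_file are hypothetical, and the script assumes the transport file uses name=value lines with UNIX paths.

```shell
#!/bin/sh
# Added example: sanity-check the SSL properties in a gateway transport file.
# Assumption: properties are "name=value" lines and paths are UNIX paths.

# Print the value of property $2 in file $1 (the last one if it is repeated).
get_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if transport file $1 passes every check, 1 otherwise.
check_transport_file() {
    tf=$1; rc=0
    [ -r "$tf" ] || { echo "cannot read $tf" >&2; return 1; }
    for p in keyStore trustStore; do
        v=$(get_prop "$tf" "$p")
        case $v in
            '') echo "$p is not set" >&2; rc=1 ;;
            /*) [ -f "$v" ] || { echo "$p: no such file: $v" >&2; rc=1; } ;;
            *)  echo "$p is not a full path: $v" >&2; rc=1 ;;
        esac
    done
    for p in keyStorePassword trustStorePassword; do
        [ -n "$(get_prop "$tf" "$p")" ] || { echo "$p is not set" >&2; rc=1; }
    done
    # The file holds both store passwords, so flag it when users other than
    # the owner and group can read it.
    if [ -n "$(find "$tf" -perm -004)" ]; then
        echo "$tf is world-readable" >&2; rc=1
    fi
    return "$rc"
}

# Constructed demo: a throwaway transport file and empty stand-in store files.
demo=$(mktemp -d)
: > "$demo/client.jks"
: > "$demo/cacerts.jks"
cat > "$demo/transport.properties" <<EOF
keyStore=$demo/client.jks
trustStore=$demo/cacerts.jks
keyStorePassword=constructed-password-1
trustStorePassword=constructed-password-2
EOF
chmod 600 "$demo/transport.properties"
check_transport_file "$demo/transport.properties" && echo "transport file OK"
```

To check a real installation, call check_transport_file with the path set in the Gate.XMLGateway.TransportFile property.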