Configuring HTTPS/SSL connections between the gateway and Message Bus
If you are using an HTTPS/SSL connection between the gateway and Message Bus, you must create a truststore to store the Message Bus digital certificate and point the gateway to the location of the truststore. The configuration consists of the following tasks:
- Creating a client keystore file.
- Creating a truststore file for the target application to which the gateway is connecting.
You create a client keystore file and a truststore file by using the Java™ keytool utility. The keytool utility is located in the following directory:
$NCHOME/platform/arch/jre_directory/jre/bin/
Where:
- arch is the operating system you are running.
- jre_directory is the installation directory of your Java Runtime Environment (JRE).
When creating a truststore file for the target application to which the gateway is connecting, you also need to edit property values in the transport file specified in the Gate.XMLGateway.TransportFile property. The Gate.XMLGateway.TransportFile property is defined in the G_XML.props file.
The default transport file specified by the Gate.XMLGateway.TransportFile property in the G_XML.props file is $OMNIHOME/java/conf/jmsTransport.properties.
Creating a client keystore file
To create a client keystore file named client.jks and store in it a certificate for your client, run the following keytool command from the $NCHOME/platform/arch/jre_directory/jre/bin/ directory:
keytool -genkey -alias youralias -keystore $OMNIHOME/java/security/client.jks
Creating a truststore file for the target application server to which the gateway is connecting
To create a truststore file for the target application to which the gateway is connecting, perform the following steps:
- Export the server certificate from the host running the target application using Mozilla Firefox:
  - Click the lock icon in the address bar.
  - View and export the certificate to a file (for example: xml-host.crt).
  Where:
  - xml-host: Specifies the name of a host server that is running a gateway with the HTTPS transport module.
- Import the server certificate to the host where the gateway is running:
  - Copy the server certificate file to the host where the gateway is running.
  - Run the following keytool command from the $NCHOME/platform/arch/jre_directory/jre/bin/ directory:
    keytool -import -keystore $OMNIHOME/java/security/cacerts.jks -file xml-host.crt -alias xml-host
  Where:
  - arch is the operating system you are running.
  - jre_directory is the installation directory of your Java Runtime Environment (JRE).
  - xml-host: Specifies the name of a host server that is running a gateway with the HTTPS transport module.
Open the transport file specified by the Gate.XMLGateway.TransportFile property defined in the G_XML.props file and modify the following transport file properties:
- Set the value of the keyStore property to the full path of the keystore file. For example, if you created a keystore file in the location $OMNIHOME/java/security, then specify that path and the name of the keystore file (for example, client.jks) in the keyStore property in the httpTransport.properties file.
- Set the value of the trustStore property to the full path of the truststore file. For example, if you created a truststore file in the location $OMNIHOME/java/security, then specify that path and the name of the truststore file (for example, cacerts.jks) in the trustStore property in the httpTransport.properties file.
- Set the value of the keyStorePassword property to the password that you set for the client keystore file.
- Set the value of the trustStorePassword property to the password that you set for the truststore file.
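A check to run on the transport file after setting the four properties above, as an added example that is not part of the product documentation. The function names are hypothetical, the file is assumed to use plain name=value lines, and the permission test is an added precaution because the file holds both store passwords.

```shell
#!/bin/sh
# Added example (not product code): check the TLS properties in a gateway transport file.
# Assumption: the file uses plain "name=value" lines.

# Print the value of property $2 in file $1; commented lines are skipped, last match wins.
get_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when the file is consistent, otherwise the number of problems found.
check_transport_file() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # keyStore and trustStore must each be a full path to an existing file.
    for prop in keyStore trustStore; do
        path=$(get_prop "$file" "$prop")
        case $path in
            "") echo "$prop is not set" >&2; problems=$((problems + 1)) ;;
            /*) [ -f "$path" ] || { echo "$prop: no such file: $path" >&2; problems=$((problems + 1)); } ;;
            *)  echo "$prop is not a full path: $path" >&2; problems=$((problems + 1)) ;;
        esac
    done

    # Both store passwords must be present.
    for prop in keyStorePassword trustStorePassword; do
        [ -n "$(get_prop "$file" "$prop")" ] || { echo "$prop is not set" >&2; problems=$((problems + 1)); }
    done

    # The file carries both store passwords, so group and others should not be able to read it.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$file is readable by group or others" >&2; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check_transport.sh /full/path/to/transport.properties
if [ "$#" -gt 0 ]; then check_transport_file "$1"; fi
```

Pass it the file named by the Gate.XMLGateway.TransportFile property; each problem is reported on standard error and the exit status is the number of problems found.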