Integrate B2B's JMS1.1 client with ActiveMQ over 2-way SSL Authentication
Krishna Kishore Konda 270006M7XS Visits (5061)
S1.1 Services and Adapter offered in IBM Sterling B2B Integrator (B2B in-short) can be configured to interact with various MQ servers. Here the list of servers and their versions supported as of B2B 18.104.22.168_5 iFix release. Some of these server connections can happen over SSL mode as described in the link above.
In this article, I am going to cover steps involved to integrate B2B's JMS1.1 Client with ActiveMQ 5.14 server supporting 2-way SSL.
NOTE : I am using ActiveMQ 5.14 version here just for this demo. Please refer to B2B
Also IBM doesn't support ActiveMQ product as such. Users would have to troubleshoot errors and configuration issues on ActiveMQ side.
ActiveMQ server Configuration
1) Downloaded ActiveMQ server bundle from http
2) Before ActiveMQ is started, Create Certificate and keystore. Doc can be found here - http
I used keytool that comes with IBM JDK 7 (<jd
#Using keytool, create a certificate for the activemq broker: Server's private key
#Choose pasword of your choice for keystore.ks
#Export the broker's certificate so it can be checked into B2B: Server's public certificate
#Create a self-signed system certificate on B2B dashboard : Client's private key
#Check-out public part of this system certificate from B2B dashboard. I saved it as "jms
#Created truststore with B2B's public cert. Choose password of your choice for truststore.ks
Now I got keystore.ks and truststore.ks ready to be associated with ActiveMQ server.
3) Next go to <Act
Changes are to enable ssl URL for ActiveMQ and associate keystore files created in previous step
NOTE : Make sure needClientAuth attribute os appended broker's SSL URL.
4) Start ActiveMQ by issueing "./bin/activemq start" from <ActiveMQ_Home>
activemq.log is located under <Act
ActiveMQ Web UI can be opened through browser. activemq.log should have URL for this.
My activemq.log had ActiveMQ WebConsole available at http
B2B JMS1.1 client configuration
Check-in broker_cert.cer (i.e., broker's public certificate from previous section) as CA certificate in B2B dashboard. I used 5263_5 env.
Configure "JMS 1.1 Async Receive Adapter" as client to poll on a JMS Topic and consume messages posted. As you see this is configured over 2-way SSL.
You would see this line in jms.log in DEBUG mode that confirms adapter is successfully enabled
DEBUG Async thread starting the adapter finished successfully KK.J
Similarly, configuration of JMS1.1 Acquire Connection and Session Service below
Sample bpml to send messages to JMS Topic over 2-way SSL connection to ActiveMQ
*If there is ssl handshake failures, capture tcpdump and ssl logs
How to get tcpdump - http
To capture ssl logs -
add property to cust
and restart B2B. ssl logs from your testing would go into noap
*If you see "certificate unknown" error in tcpdump while using CA signed certificates (NOT self-signed) in your test, you may try to add all CA Certs into one single Certificate Group. You can do this through Edit screens of CA Certificates that were already checked-in.
* I have seen following exception while connecting to ActiveMQ installed Open JDK version 8. But no such connection errors when ActiveMQ runs on IBM JDK 7.
I suspect there are some incompatibilities when JMS client runs on IBM JDK 7 (i.e., B2B 22.214.171.124_5 is supported on JDK 7) and ActiveMQ Broker runs on JDK 8.
[2018-06-04 11:51:16.542] ERROR Marking this as failed connection as an exception was recieved