You can configure TLS 1.2 between the Distributed Cache Manager (DCM) and the Message Queuing Telemetry Transport (MQTT) broker in IBM® Engineering Lifecycle Management applications to improve the security of your deployment.
Procedure
- Configure the MQTT broker to support secure connections. See Configuring security for an endpoint for instructions.
- Import the certificate that is associated with the secure endpoint on the MQTT broker into the client_keystore.jks of DCM.
- Include Java properties for TLS settings in the distributedCache.start.bat file as follows:
    -Dcom.ibm.jsse2.overrideDefaultTLS=true
    -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
- Use the SSL protocol instead of TCP in the MQTT broker address URL. Modify the distributedCache.cfg file as follows:
    [Counters]
    ...
    # MQTT Broker to use for publishing counter information
    broker = $E{MONITOR_MQTTBROKER,ssl://9.30.68.214:8883}
- In the distributedCache.cfg file, update includeProtocols and excludeProtocols so that TLSv1.2 is the only allowed protocol:
    [REST-SslContextFactory]
    keyStorePath = client_keystore.jks
    keyStorePassword* = {HRAaRQoT}
    excludeProtocols = SSLv3, TLSv1.1, TLSv1
    includeProtocols = TLSv1.2
    allowRenegotiate = false
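
A configuration check for the two distributedCache.cfg steps, as an added example that is not part of the IBM documentation or product: it parses the file's text and reports any setting that departs from the values shown above. Reading $E{NAME,default} as "environment variable NAME, otherwise the default" is an assumption, and SAMPLE_CFG is a constructed excerpt.

```python
import re

# Constructed excerpt mirroring the settings in the procedure (not a full file).
SAMPLE_CFG = """\
[Counters]
# MQTT Broker to use for publishing counter information
broker = $E{MONITOR_MQTTBROKER,ssl://9.30.68.214:8883}
[REST-SslContextFactory]
excludeProtocols = SSLv3, TLSv1.1, TLSv1
includeProtocols = TLSv1.2
allowRenegotiate = false
"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def parse_cfg(text):
    """Parse [section] and key = value lines; a trailing '*' on a key is dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "...":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().rstrip("*")] = value.strip()
    return sections

def audit(text, env=None):
    """Return a list of findings; an empty list means the TLS 1.2 settings are in place."""
    cfg, env, findings = parse_cfg(text), env or {}, []
    broker = cfg.get("Counters", {}).get("broker", "")
    # Assumption: $E{NAME,default} resolves to env var NAME, else the default.
    m = re.fullmatch(r"\$E\{([^,}]+),([^}]*)\}", broker)
    if m:
        broker = env.get(m.group(1), m.group(2))
    if not broker.startswith("ssl://"):
        findings.append(f"broker URL is not ssl://: {broker!r}")
    ssl = cfg.get("REST-SslContextFactory", {})
    split = lambda k: {p.strip() for p in ssl.get(k, "").split(",") if p.strip()}
    if split("includeProtocols") != {"TLSv1.2"}:
        findings.append("includeProtocols must be exactly TLSv1.2")
    if LEGACY - split("excludeProtocols"):
        findings.append("excludeProtocols must list SSLv3, TLSv1.1 and TLSv1")
    if ssl.get("allowRenegotiate", "").lower() != "false":
        findings.append("allowRenegotiate should be false")
    return findings
```

Pass the deployment's environment as env (for example dict(os.environ)) so that an override of MONITOR_MQTTBROKER pointing back at a tcp:// address is reported as well.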