Fix Pack 8550

Securing JMS communications in the Liberty profile by using SSL

You can configure the ssl-1.0 feature to enable secure JMS communication between two Liberty servers.

Before you begin

To secure JMS communications by using SSL, you must configure the SSL feature by providing SSL certificate-related configurations. For more information, see Enabling SSL communication for the Liberty profile.

Procedure

  1. Configure SSL on the server.
    • Service integration bus has the following default SSL configuration.
      <wasJmsEndpoint id="InboundJmsCommsEndpoint"
          host="*"
          wasJmsSSLPort="7286">
      </wasJmsEndpoint>

      Service integration bus inbound uses the <keyStore> element as the default SSL configuration. See Enabling SSL communication for the Liberty profile for detailed information.

    • To point the endpoint at an SSL configuration other than the default, refer to the following example.
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />

      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>

      <wasJmsEndpoint id="InboundJmsCommsEndpoint"
          host="*"
          wasJmsSSLPort="7286">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsEndpoint>
    • If the <wasJmsEndpoint> configuration is successful, the service integration bus binds to port 7286 for secure communications. The JMS client can then connect to the messaging engine securely by using SSL.
  2. Configure the client.
    • By default, service integration bus creates an outbound chain that is called BootstrapSecureMessaging. This chain uses the <keyStore> element as a default configuration.
      <wasJmsOutbound id="BootstrapSecureMessaging"
          useSSL="true">
      </wasJmsOutbound>
    • To point the chain at an SSL configuration other than the default, refer to the following example:
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />

      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>

      <wasJmsOutbound id="BootstrapSecureMessaging"
          useSSL="true">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsOutbound>
    • To connect to a messaging engine over a secure connection, specify a secure chain in the remoteServerAddress property of the connection factory.
      <jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
          <properties.wasJms
              remoteServerAddress="localhost:7286:BootstrapSecureMessaging" />
      </jmsQueueConnectionFactory>
    • You can also create a custom outbound chain and use it to connect to the messaging engine.
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />
      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>

      <wasJmsOutbound id="jmsSecureCustomChain"
          useSSL="true">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsOutbound>
    The jmsSecureCustomChain chain is now enabled. It uses the CustomSslNewOptions SSL configuration for its keystore settings.
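
The following is an added example, not part of the original IBM topic: a small Python check that reads a server.xml and reports the wiring mistakes this procedure makes possible, namely an sslRef or keyStoreRef that resolves to nothing, a remoteServerAddress that does not name an SSL-enabled chain, and a keystore password that is only {xor}-encoded. The sample configuration is constructed, jmsPlainChain and CustomSslOptions are made-up names, and the comma-separated host:port:chain form of remoteServerAddress is an assumption.

```python
import xml.etree.ElementTree as ET
DEFAULT_SSL_CHAIN = "BootstrapSecureMessaging"  # default outbound SSL chain named in step 2

# Constructed sample server.xml (not from the page) with three deliberate weaknesses.
SAMPLE = """<server>
  <featureManager><feature>ssl-1.0</feature></featureManager>
  <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}PLACEHOLDER"/>
  <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>
  <wasJmsOutbound id="jmsSecureCustomChain" useSSL="true">
    <sslOptions sslRef="CustomSslOptions"/>
  </wasJmsOutbound>
  <jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
    <properties.wasJms remoteServerAddress="localhost:7286:jmsPlainChain"/>
  </jmsQueueConnectionFactory>
</server>"""

def lint_jms_ssl(server_xml):
    """Return a list of findings about JMS SSL wiring in a Liberty server.xml string."""
    root = ET.fromstring(server_xml)
    findings = []
    if "ssl-1.0" not in {(f.text or "").strip() for f in root.iter("feature")}:
        findings.append("ssl-1.0 feature is not enabled")
    keystores = set()
    for ks in root.iter("keyStore"):
        keystores.add(ks.get("id"))
        if ks.get("password", "").startswith("{xor}"):  # encoding only, not encryption
            findings.append(f"keyStore {ks.get('id')}: password is XOR-encoded, which is reversible")
    ssl_cfgs = {s.get("id"): s.get("keyStoreRef") for s in root.iter("ssl")}
    ssl_chains = {DEFAULT_SSL_CHAIN}
    for tag in ("wasJmsEndpoint", "wasJmsOutbound"):
        for el in root.iter(tag):
            if tag == "wasJmsOutbound" and el.get("useSSL", "").lower() == "true":
                ssl_chains.add(el.get("id"))
            for opt in el.iter("sslOptions"):
                ref = opt.get("sslRef")
                if ref not in ssl_cfgs:
                    findings.append(f"{tag} {el.get('id')}: sslRef {ref} matches no <ssl> element")
                elif ssl_cfgs[ref] not in keystores:
                    findings.append(f"ssl {ref}: keyStoreRef {ssl_cfgs[ref]} matches no <keyStore>")
    for props in root.iter("properties.wasJms"):
        # Assumption: the value is a comma-separated list of host:port:chain triplets.
        for addr in filter(None, map(str.strip, props.get("remoteServerAddress", "").split(","))):
            if addr.count(":") < 2 or addr.split(":")[2] not in ssl_chains:
                findings.append(f"remoteServerAddress {addr}: does not name an SSL-enabled chain")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_jms_ssl(SAMPLE)))
```

Running it against the constructed sample prints one finding per weakness. A server.xml whose attribute values are wrapped in typographic quotes instead of straight double quotes fails at the parse step with an XML error.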



Last updated: Wednesday, 22 May 2013
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=twlp_msg_ssl
File name: twlp_msg_ssl.html