Configuring an SSL Identity for a Broker Server
You set either an SSL Identity for the Broker Server in My webMethods. To configure an SSL identity for a Broker Server, you open its keystore, select the DN to use as the Broker Server's identity, and assign that DN to the Broker Server.
Important:
Make sure you have the file location and password of the Broker Server's keystore before starting this procedure.
To assign an SSL identity to the
Broker Server1. In My webMethods: Messaging > Broker Server s > Servers.
2. In the Broker Server s List, click the server on which to assign an identity. If the server does not appear in the list, use the Search tab to locate it.
3. In the Broker Server Details page, click the Server Identity tab.
4. Click the SSL tab. The Status should read:
Secure Sockets Layer needs to be configured
5. Click Change Configuration.
Note:
When you configure SSL for the first time, the saved and active SSL configurations are the same, so you need not restart the Broker Server. When you change the SSL configuration, the Continue Using Current Configuration field displays a yellow icon with a status set to 'no'. You must restart the Broker Server to use the new SSL setting. When you set, change, or disable SSL for Broker Server, if the SSL settings are correct, the Continue Using Current Configuration field displays a green icon with a status set to 'yes'.
6. On the Change Broker SSL Settings page, do one of the following:
If the keystore containing the identity is on a different machine than the one hosting
Broker Server:
1. Click the Remote Keystore tab.
2. Type the full path name of the Remote SSL Keystore in the box.
3. Type the full path name of the Remote SSL Truststore in the box.
If the keystore containing the identity is on the same machine as the one hosting
Broker Server:
1. Click the Local Keystore tab.
2. Click Local SSL Keystore and select a keystore name from the list.
3. Click Local SSL Truststore and select a truststore name from the list.
7. Click Keystore Type and select the file format of the keystore.
8. Click Truststore Type and select the file format of the truststore.
9. The following options are available for advanced users:
a. Select an SSL Protocol to use for authentication (the default is All).
b. Enter the cryptographic Cipher Suite to use for authentication (the default is HIGH:eNULL:@STRENGTH).
c. Reconfigure the maximum Verification Depth allowable for a certificate chain (the default is 9).
10. Type the Password to the keystore file.
11. Click Get User Name to retrieve the user name (user DN) from the keystore.
12. Click Save.
13. Click the Identity tab.
14. Click the SSL tab on the Broker Server Details page for the Broker Server that you just configured. Information about the SSL configuration is displayed, and the Status should read:
Secure Sockets Layer is configured and working