Securing JMS Clients with SSL
Use either the JMSAdmin command-line tool or My webMethods to configure the properties for SSL on the connection factory that will be used for the connection. These properties include:
Specifying the keystore (its filename).
Specifying the trust store (its filename).
Optionally, selecting whether to enable encryption. Encryption is enabled by default.
For JMS clients, each user certificate and its corresponding private key are stored together in a separate keystore. A keystore is a file that saves a certificate and the corresponding private key in PKCS12 format. These files are password protected. You can save only one key pair in a keystore.
For JMS clients, the public keys for all certificate authorities (CAs) that the JMS client accepts are stored in a separate file called a trust store. A trust store file is not password protected. Unlike a keystore file, which can only save one client certificate, a trust store can contain certificates for multiple CAs.
The file format of a trust store is typically JKS. If the messaging client is JMS, you need to import the trusted root for the certificate authority (CA) into a trust store file.
Example:
The following example uses a JMSAdmin bind TopicConnectionFactory command to configure the SSL properties for the topic connection factory MyTCF:
bind tcf MyTCF with
sslKeystore="c:\keystore.p12"
sslTrustStore="c:\truststore.jks"
sslEncrypted=true
In the JMS client code, set the SSL properties for the connection factory that will carry the SSL connection, as shown in the following example:
// Backslashes in Java string literals must be escaped ("\\").
((WmConnectionFactoryImpl)tcf).setSSLKeystore("c:\\keystore.p12");
((WmConnectionFactoryImpl)tcf).setSSLTruststore("c:\\truststore.jks");
((WmConnectionFactoryImpl)tcf).setSSLEncrypted(true);
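The keystore and trust store rules described above (one key pair per PKCS12 keystore, CA certificates in a JKS trust store that is not password protected) can be checked before the files are set on the connection factory. The following is an added example, not code from the original documentation: the class name SslStoreCheck and its command-line arguments are assumptions, and it uses only the standard java.security.KeyStore API.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example; SslStoreCheck is a hypothetical helper, not part of the product.
public class SslStoreCheck {
    // A null password loads the store without an integrity check (trust store case).
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): SslStoreCheck <keystore.p12> <truststore.jks>");
            System.exit(2);
        }
        KeyStore keys = load("PKCS12", args[0], console.readPassword("Keystore password: "));
        KeyStore trust = load("JKS", args[1], null);
        // The keystore must hold exactly one certificate and private key pair.
        int keyEntries = 0;
        X509Certificate client = null;
        for (String alias : Collections.list(keys.aliases())) {
            if (keys.isKeyEntry(alias)) {
                keyEntries++;
                client = (X509Certificate) keys.getCertificate(alias);
            }
        }
        if (keyEntries != 1 || client == null)
            throw new IllegalStateException("expected one key pair, found " + keyEntries);
        client.checkValidity(); // throws if expired or not yet valid
        System.out.println("client certificate: " + client.getSubjectX500Principal());

        // The trust store should hold CA certificates only, and at least one.
        int cas = 0;
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias))
                throw new IllegalStateException("non-certificate entry in trust store: " + alias);
            ((X509Certificate) trust.getCertificate(alias)).checkValidity();
            cas++;
        }
        if (cas == 0) throw new IllegalStateException("trust store holds no CA certificates");
        System.out.println("trusted CA certificates: " + cas);
    }
}
```

The keystore password is read from the console rather than passed as an argument, so it does not appear in the process list or shell history.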