Broker 10.5 | webMethods Broker Documentation | webMethods Broker Messaging Programmer's Guide | webMethods Messaging Administration | Configuring webMethods Messaging Clients for SSL | Securing JMS Clients with SSL
 
Securing JMS Clients with SSL
 
Enabling FIPS in JMS Clients
Upgrading JMS Clients that Use SSL
Use either the JMSAdmin command-line tool or My webMethods to configure the properties for SSL on the connection factory that will be used for the connection. These properties include:
*Specifying the keystore (its filename).
*Specifying the trust store (its filename)
*Optionally, selecting encryption (whether or not to enable encryption. Encryption is enabled by default)
For JMS clients, each user certificate and the corresponding private key pair is stored in a separate keystore. A keystore is a file that saves a certificate and the corresponding private key in PKCS12 format. These files are password protected. You can save only one keypair in a keystore.
For JMS clients, the public keys for all certificate authorities (CA) that the JMS client accepts are stored in a separate file called a trust store. A trust store file is not password protected. Unlike a keystore file, which can only save one client certificate, a trust store can contain certificates for multiple CAs.
The file format of a trust store is typically JKS. If the messaging client is JMS, you need to import the trusted root for the certificate authority (CA) to a trust store file.
Example:
The following example uses a JMSAdmin bind TopicConnectionFactory command to configure the SSL properties for the topic connection factory MyTCF:
bind tcf MyTCF with
sslKeystore="c:\keystore.p12"
sslTrustStore="c:\truststore.jks"
sslEncrypted=true
In the JMS client code, set the SSL properties for the connection factory that will carry the SSL connection, as shown in the following example:
((WmConnectionFactoryImpl)tcf).setSSLKeystore("c:\keystore.p12");
((WmConnectionFactoryImpl)tcf).setSSLTruststore("c:\truststore.jks");
((WmConnectionFactoryImpl)tcf).setSSLEncrypted(true);