Configuring a Universal Messaging Connection Alias for Two-Way SSL

Application Integration (On-Premises) : Administering Integration Server : Configuring Integration Server for webMethods Messaging : Configuring Integration Server to Connect to an SSL-Enabled Port on Universal Messaging : Configuring a Universal Messaging Connection Alias for Two-Way SSL

In two-way SSL between Integration Server and Universal Messaging, to connect to the Universal Messaging port, Integration Server supplies the CA certificate used by the Universal Messaging and a client certificate.

You need to configure a Universal Messaging connection alias for two-way SSL if both of the following are true:

The Universal Messaging connection alias specifies a Realm URL with a protocol of nsps or nhps.

The Enable Client Cert Validation option is selected for the Universal Messaging port. You can use Universal Messaging Enterprise Manager to view the status of the Enable Client Cert Validation option.

Use the following procedure to configure a Universal Messaging connection alias for two-way SSL.

To configure a Universal Messaging connection alias for two-way SSL

1. Create a truststore that contains the certificate authority (CA) of the certificates for the Universal Messaging server.

2. Create a truststore alias for the truststore created in step 1.

For more information about creating a truststore alias, see Creating Truststore Aliases.

3. Create a keystore that contains the client certificates used by Integration Server to connect with Universal Messaging.

4. Create a keystore alias for the keystore created in step 3, making sure to specify a key alias for the key that contains the private key for connecting to the Universal Messaging port securely.

For more information about creating a keystore alias, see Creating Keystore Aliases.

5. Verify that truststore used by Universal Messaging contains the certificate authority of the certificates used byIntegration Server.

6. Using Integration Server Administrator, configure the Universal Messaging connection alias that creates a connection to an SSL port on the Universal Messaging server to include the following:

For this parameter...	Do the following...
Realm URL	Make sure the Realm URL species a URL with the correct SSL protocol, either nsps or nhps.
Client Authentication	Select SSL.
Truststore Alias	Select the truststore alias created in step 2.
Keystore Alias	Select the keystore alias created in step 4.
Key Alias	Select the key alias created in step 4.

7. Save the Universal Messaging connection alias.

Note:

To configure a Universal Messaging connection alias for two-way SSL, you need to supply a truststore alias, keystore alias, and key alias. However, if you set Client Authentication to SSL in the Universal Messaging connection alias but do not supply the truststore alias, keystore alias, and/or key alias needed to establish an SSL connection with the Universal Messaging server, Integration Server looks for this information in the JVM. For information about setting the SSL-related system properties in the JVM, see Storing SSL Information for the Integration Server JVM in a Secure Manner.

Software AG recommends specifying the truststore alias, keystore alias, and key alias information in the Universal Messaging connection alias instead of relying on the JVM system properties.

Contact Support | Community | Feedback