Configuring a Universal Messaging Connection Alias for One-Way SSL
In one-way SSL between Integration Server and Universal Messaging, to connect to the Universal Messaging port, Integration Server supplies the CA certificate used by the Universal Messaging but does not supply a client certificate.
You need to configure a Universal Messaging connection alias for one-way SSL if both of the following are true:
The
Universal Messaging connection alias specifies a
Realm URL with a protocol of nsps or nhps.
The
Enable Client Cert Validation option is
not selected for the
Universal Messaging port. You can use
Universal Messaging Enterprise Manager to view the status of the
Enable Client Cert Validation option.
Use the following procedure to configure a Universal Messaging connection alias for one-way SSL.
To configure a Universal Messaging connection alias for one-way SSL
1. Create a truststore that contains the certificate authority (CA) of the certificates for the Universal Messaging server.
2. Create a truststore alias for the truststore created in step 1.
For more information about creating a truststore alias, see
Creating Truststore Aliases.
3. Using Integration Server Administrator, configure the Universal Messaging connection alias that creates a connection to an SSL port on the Universal Messaging server to include the following:
For this parameter... | Do the following... |
Realm URL | Make sure the Realm URL species a URL with the correct SSL protocol, either nsps or nhps. |
Client Authentication | Select SSL. |
Truststore Alias | Select the truststore alias created in step 2. |
4. Save the Universal Messaging connection alias.
Note: | To configure a Universal Messaging connection alias for one-way SSL, you need to supply the name of the truststore alias. However, if you set Client Authentication to SSL in the Universal Messaging connection alias but do not supply the truststore alias, Integration Server looks for this information in the JVM. For information about setting the SSL-related system properties in the JVM, see Storing SSL Information for the
Integration Server JVM in a Secure Manner. Software AG recommends specifying the truststore alias, keystore alias, and key alias information in the Universal Messaging connection alias instead of relying on the JVM system properties. |