Version 9.5 SP1
 —  Administration under UNIX  —

Settting up and Administering the Broker SSL Agent

The Broker SSL Agent is a gateway to the Broker whenever direct SSL or TLS communication with the Broker is not possible.

Under UNIX, use the delivered script /opt/softwareag/EntireX/bin/sslbrokeragent.bsh to start the agent.

This document covers the following topics:


Common Scenarios

The most common scenarios for using the SSL Agent are where direct SSL communication to the Broker is not possible or it is not required by the network architecture.

Although in most cases the SSL Agent will be used from a Broker application written in Java, the SSL Agent can also be used from non-Java applications as long as the Broker stubs support SSL.

Top of page

Using the SSL Agent

Class Name and Parameters

The SSL Agent is a standalone Java application. The class name is com.softwareag.entirex.ba.SSLBrokerAgent.

Specify the following parameters in the order given in this table when the SSL Agent listens on an SSL port:

Parameter Explanation
1. Trace Option Valid values: ON or OFF. Default: OFF.
A dump of the buffers is written to standard output for diagnostic purposes.
2. Port Number The port number the TCP Agent uses for incoming requests from Broker applications. Specify this port number as part of the broker ID in the broker application.
3. SSL Parameters SSL parameters when the SSL Agent runs as an SSL server. SSL requires a (server) certificate with a private key. Specify with key_store=filename the file name of a Java keystore that contains the private key.
SSL client authentication can be requested with the parameter verify_client=yes. In this case, specify with trust_store=filename the file name of a Java keystore containg the list of trusted certificate authorities that issued the client's certificate. The complete list of parameters could be
key_store=keystore&verify_client=yes&trust_store=castore.
Examples:
key_store=ExxJavaAppCert.jks trust_store=ExxCACert.jks.
4. Password The password which protects the private key. If the value -prompt is specified the password is read from standard input.
5. Broker Address The SSL Agent sends all requests to this Broker using any legal Broker ID as in EntireX Java. The SSL Agent will use SSL communication if the address starts with ssl://.
6. Port Number for commands The port number the SSL Agent uses for incoming commands from the System Management Hub.

Starting the SSL Agent

Under UNIX, the EntireX distribution kit comes with a shell script to start the SSL Agent. Change the port number, the Broker address and the SSL parameters in script /opt/softwareag/EntireX/bin/sslbrokeragent.bsh.

Top of page

Activating Tracing for the SSL Agent

Set the parameter Trace Option to "ON". See Class Name and Parameters.

Top of page

Architecture of the SSL Agent

The architecture of the SSL Agent is shown in the following picture:

Top of page