Setting up and Administering the EntireX Broker SSL Agent

The EntireX Broker SSL Agent is a gateway to the broker whenever direct SSL/TLS communication with the broker is not possible. Under UNIX, use the delivered script /opt/softwareag/EntireX/bin/sslbrokeragent.bsh to start the agent. This document covers the following topics:


Common Scenarios

The most common scenarios for using the Broker SSL Agent are those where direct SSL communication with the Broker is not possible or is not required by the network architecture.

Although in most cases the Broker SSL Agent will be used from a Broker application written in Java, the Broker SSL Agent can also be used from non-Java applications as long as the Broker stubs support SSL.

Using the Broker SSL Agent

Class Name and Parameters

The Broker SSL Agent is a standalone Java application. The class name is com.softwareag.entirex.ba.SSLBrokerAgent.

Specify the following parameters in the order given in this table when the Broker SSL Agent listens on an SSL port:

| Parameter | Explanation |
|---|---|
| 1. Trace Option | Valid values: ON or OFF. Default: OFF. A dump of the buffers is written to standard output for diagnostic purposes. |
| 2. Port Number | The port number the TCP Agent uses for incoming requests from Broker applications. Specify this port number as part of the broker ID in the broker application. |
| 3. SSL Parameters | SSL parameters when the Broker SSL Agent runs as an SSL server. SSL requires a (server) certificate with a private key. Specify with key_store=filename the file name of a Java keystore that contains the private key. SSL client authentication can be requested with the parameter verify_client=yes. In this case, specify with trust_store=filename the file name of a Java keystore containing the list of trusted certificate authorities that issued the client's certificate. The complete list of parameters could be key_store=keystore&verify_client=yes&trust_store=castore. Examples: key_store=ExxJavaAppCert.jks trust_store=ExxCACert.jks. |
| 4. Password | The password which protects the private key. If the value -prompt is specified the password is read from standard input. |
| 5. Broker Address | The Broker SSL Agent sends all requests to this Broker using any legal Broker ID as in EntireX Java. The Broker SSL Agent will use SSL communication if the address starts with ssl://. |
| 6. Port Number for commands | The port number the Broker SSL Agent uses for incoming commands from the System Management Hub. |

Starting the Broker SSL Agent

Under UNIX, the EntireX distribution kit comes with a shell script to start the Broker SSL Agent. Change the port number, the Broker address and the SSL parameters in script /opt/softwareag/EntireX/bin/sslbrokeragent.bsh.
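
The following pre-launch check for the six positional parameters listed under Class Name and Parameters is an added example, not part of the EntireX distribution kit or of sslbrokeragent.bsh. The function names, the sample host name and the port numbers are assumptions made for illustration; it treats a literal password argument and a missing trust store as errors, and a non-ssl:// Broker address or trace ON as warnings.

```shell
#!/bin/sh
# Added example (not from the EntireX kit): lint the six positional parameters
# of com.softwareag.entirex.ba.SSLBrokerAgent before launching the agent.
# Prints one finding per line; returns 1 if any "error:" finding, else 0.

valid_port() {  # decimal integer in 1..65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_agent_args() {
    if [ "$#" -ne 6 ]; then echo "error: expected 6 parameters, got $#"; return 1; fi
    trace=$1 port=$2 ssl=$3 password=$4 broker=$5 cmdport=$6 rc=0
    case $trace in
        OFF) ;;
        ON)  echo "warn: trace ON dumps buffers to standard output" ;;
        *)   echo "error: trace option must be ON or OFF"; rc=1 ;;
    esac
    valid_port "$port"    || { echo "error: invalid port number: $port"; rc=1; }
    valid_port "$cmdport" || { echo "error: invalid command port: $cmdport"; rc=1; }

    key_store= verify= trust_store=
    old_ifs=$IFS; IFS='&'
    for kv in $ssl; do
        case $kv in
            key_store=*)     key_store=${kv#*=} ;;
            verify_client=*) verify=${kv#*=} ;;
            trust_store=*)   trust_store=${kv#*=} ;;
        esac
    done
    IFS=$old_ifs
    [ -n "$key_store" ] || { echo "error: SSL server needs key_store=filename"; rc=1; }
    if [ "$verify" = yes ] && [ -z "$trust_store" ]; then
        echo "error: verify_client=yes needs trust_store=filename"; rc=1
    fi
    if [ "$password" != -prompt ]; then
        echo "error: use -prompt; a password argument shows up in the process list"; rc=1
    fi
    case $broker in
        ssl://*) ;;
        *) echo "warn: Broker address lacks ssl://, so the agent-to-Broker leg is not SSL" ;;
    esac
    return "$rc"
}

# Constructed sample: keystore names from the page, host and ports made up.
check_agent_args OFF 1958 \
    'key_store=ExxJavaAppCert.jks&verify_client=yes&trust_store=ExxCACert.jks' \
    -prompt ssl://broker.example.com:1971 1959 && echo "parameters OK"
```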

Activating Tracing for the Broker SSL Agent

Set the parameter Trace Option to "ON". See Class Name and Parameters.

Architecture of the Broker SSL Agent

The architecture of the Broker SSL Agent is shown in the following picture: