You can configure a service integration bus
so that connecting JMS client applications authenticate by using Secure
Sockets Layer (SSL) certificates.
Before you begin
You must ensure that the following tasks have been completed:
- Administrative security is enabled. For more information, see Enabling security.
- A stand-alone Lightweight Directory Access Protocol (LDAP) user registry
has been configured for storing user and group IDs. To access the user registry,
you must know a valid user ID that has the administrative role and the password
for that ID, the server host and port of the registry server, and the base
distinguished name (DN). For more information, see Configuring Lightweight Directory Access Protocol user registries.
- Bus security is enabled. For more information, see Disabling bus security.
- JMS client applications have been configured to authenticate by using client
SSL certificates.
About this task
If you want to allow connecting JMS application clients to authenticate
to the bus by using client SSL certificates, define an SSL configuration.
There are two parts to this task. First, you use the administrative console
to map SSL certificates to entries in the LDAP user registry. Second, you
create a unique SSL configuration for each endpoint address for which you
want to use client SSL authentication. Do not use the default SSL configuration
for the bus.
Procedure
- Use the administrative console to define certificate filters to
map an SSL certificate to an entry in the LDAP server. For more
information, see Creating a Secure Sockets Layer configuration. The client SSL certificate is mapped to a user ID in the user
registry.
- Create a separate SSL configuration file for each endpoint address
for a server, bus member, or cluster on the bus, and specify that client
authentication is required. For more information, see Creating a Secure Sockets Layer configuration.
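The certificate-to-registry mapping in the first step can be pictured as follows. This is an added illustration, not IBM code and not the product's implementation: it assumes a certificate filter of the form `uid=${SubjectCN}`, uses constructed subject DNs, and the function names are hypothetical.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP search filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def split_rdns(dn):
    """Split a DN string on unescaped commas, removing single-character
    backslash escapes. Hex escapes such as \\2C are not handled here."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_subject(subject_dn):
    """Return {ATTRIBUTE: value} for the certificate subject, first value wins."""
    attrs = {}
    for rdn in split_rdns(subject_dn):
        key, _, value = rdn.partition("=")
        attrs.setdefault(key.strip().upper(), value.strip())
    return attrs

def expand_certificate_filter(template, subject_dn):
    """Turn a filter template plus a certificate subject into an LDAP search filter."""
    attrs = parse_subject(subject_dn)

    def substitute(match):
        name = match.group(1)
        if name == "SubjectDN":
            return escape_filter_value(subject_dn)
        if name.startswith("Subject") and name[7:].upper() in attrs:
            return escape_filter_value(attrs[name[7:].upper()])
        # Fail closed: an unmapped certificate must not match any registry entry.
        raise ValueError(f"certificate has no value for ${{{name}}}")

    return "(" + re.sub(r"\$\{(\w+)\}", substitute, template) + ")"
```

The search that results should match exactly one registry entry; a certificate whose subject lacks the referenced attribute is rejected rather than mapped.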
Results
The bus is configured to allow client SSL authentication.
What to do next
Connecting JMS client applications can now authenticate to the bus
using client SSL certificates.