This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.

Securing JMS communications in Liberty by using SSL

You can configure the ssl-1.0 feature to enable secure JMS communication between two Liberty servers.

Before you begin

To secure JMS communications by using SSL, you must configure the SSL feature by providing SSL certificate-related configurations. For more information, see Enabling SSL communication in Liberty.

Procedure

  1. Configure SSL on the server.
    • Service integration bus has the following default SSL configuration.
      <wasJmsEndpoint
          host="*"
          wasJmsSSLPort="7286">
      </wasJmsEndpoint>

      Service integration bus inbound uses the <keyStore> element as the default SSL configuration. See Enabling SSL communication in Liberty for detailed information.

    • To point the endpoint at an SSL configuration other than the default, refer to the following example.
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />

      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore" />

      <wasJmsEndpoint
          host="*"
          wasJmsSSLPort="7286">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsEndpoint>
    • If the <wasJmsEndpoint> configuration is successful, the service integration bus binds to port 7286 for secure communications. The JMS client can then connect to the messaging engine securely by using SSL.
  2. Configure SSL on the client.
    • By default, service integration bus creates an outbound chain that is called BootstrapSecureMessaging. This chain uses the <keyStore> element as its default SSL configuration.
      <wasJmsOutbound id="BootstrapSecureMessaging"
          useSSL="true">
      </wasJmsOutbound>
    • To point the default chain at a different SSL configuration, refer to the following example:
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />

      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore" />

      <wasJmsOutbound id="BootstrapSecureMessaging"
          useSSL="true">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsOutbound>
    • To connect to a messaging engine over the secure channel, specify a secure chain in the remoteServerAddress attribute of the <properties.wasJms> element in the connection factory.
      <jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
          <properties.wasJms
              remoteServerAddress="localhost:7286:BootstrapSecureMessaging" />
      </jmsQueueConnectionFactory>
    • You can also create a custom outbound chain and use it to connect to the messaging engine.
      <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />

      <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore" />

      <wasJmsOutbound id="jmsSecureCustomChain"
          useSSL="true">
          <sslOptions sslRef="CustomSslNewOptions" />
      </wasJmsOutbound>
    The jmsSecureCustomChain outbound chain is now enabled. It uses the CustomSslNewOptions SSL configuration for its keystore settings.
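
The following Python script is an added example, not IBM code and not part of the original topic. It checks a server.xml for the mistakes that silently undo the configuration above: an sslRef or keyStoreRef that points at nothing, a remoteServerAddress whose chain does not use SSL, and a keystore password stored with {xor}, which is a reversible encoding. It assumes that remoteServerAddress holds comma-separated host:port:chain triplets and that an outbound chain is secure only when useSSL="true"; the function name, the sample file and the plainChain id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_SECURE_CHAIN = "BootstrapSecureMessaging"  # default secure chain named on this page

def lint_jms_ssl(server_xml):
    """Return findings for the JMS SSL settings in a Liberty server.xml string."""
    root = ET.fromstring(server_xml)
    findings = []
    keystores = {ks.get("id") for ks in root.iter("keyStore")}
    ssl_ids = {ssl.get("id") for ssl in root.iter("ssl")}
    for ks in root.iter("keyStore"):
        if (ks.get("password") or "").startswith("{xor}"):
            findings.append(f"keyStore {ks.get('id')}: {{xor}} password is encoded, not encrypted")
    for ssl in root.iter("ssl"):
        if ssl.get("keyStoreRef") not in keystores:
            findings.append(f"ssl {ssl.get('id')}: keyStoreRef {ssl.get('keyStoreRef')} is not defined")
    for opt in root.iter("sslOptions"):
        if opt.get("sslRef") not in ssl_ids:
            findings.append(f"sslOptions: sslRef {opt.get('sslRef')} is not defined")
    # Assumption of this example: a chain is secure only when useSSL is "true".
    secure_chains = {DEFAULT_SECURE_CHAIN}
    for out in root.iter("wasJmsOutbound"):
        if (out.get("useSSL") or "").lower() == "true":
            secure_chains.add(out.get("id"))
        else:
            secure_chains.discard(out.get("id"))
    for props in root.iter("properties.wasJms"):
        # Assumed format: comma-separated host:port:chain triplets.
        address = props.get("remoteServerAddress") or ""
        for triplet in [t.strip() for t in address.split(",") if t.strip()]:
            chain = triplet.rsplit(":", 2)[2] if triplet.count(":") >= 2 else None
            if chain not in secure_chains:
                findings.append(f"remoteServerAddress {triplet}: chain {chain} does not use SSL")
    return findings

# Constructed sample: a mistyped sslRef and a second triplet that names a non-SSL chain.
SAMPLE = """<server>
  <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />
  <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore" />
  <wasJmsOutbound id="jmsSecureCustomChain" useSSL="true">
    <sslOptions sslRef="CustomSslOptions" />
  </wasJmsOutbound>
  <wasJmsOutbound id="plainChain" useSSL="false" />
  <jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
    <properties.wasJms remoteServerAddress="localhost:7286:jmsSecureCustomChain,localhost:7286:plainChain" />
  </jmsQueueConnectionFactory>
</server>"""

print("\n".join(lint_jms_ssl(SAMPLE)))
```

The parser rejects attribute values written with typographic quotes (useSSL=”true”), so a snippet pasted from a rendered page fails at the parse step rather than passing the checks.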

Last updated: Tuesday, 12 December 2017
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_msg_ssl