You can configure the ssl-1.0 feature
to enable secure communication between the two Liberty servers.
Before you begin
To secure JMS communications by using SSL, you must configure
the SSL feature by providing SSL certificate-related configurations.
For more information, see
Enabling SSL communication in Liberty.
Procedure
- Configure SSL on the server.
- Service integration bus has the following default SSL
configuration.
<wasJmsEndpoint
host="*"
wasJmsSSLPort="7286" >
</wasJmsEndpoint>
Service integration bus inbound uses the <keyStore> element as the
default SSL configuration. See Enabling SSL communication in Liberty for detailed
information.
- To point to an SSL configuration other than the default,
refer to the following
example.
<keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />
<ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>
<wasJmsEndpoint
host="*"
wasJmsSSLPort="7286">
<sslOptions sslRef="CustomSslNewOptions" />
</wasJmsEndpoint>
- If the <wasJmsEndpoint> configuration is successful, the
service integration bus binds to port 7286 for secure
communications. The JMS client can then connect to the messaging engine
securely by using SSL.
- Configure the client.
- By default, service integration bus creates an outbound chain
that is called <BootstrapSecureMessaging>. This chain uses the <keyStore>
element as its default configuration.
<wasJmsOutbound id="BootstrapSecureMessaging"
useSSL="true">
</wasJmsOutbound>
- To change the default SSL configuration to point to some other
configuration, refer to the following example:
<keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />
<ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>
<wasJmsOutbound id="BootstrapSecureMessaging"
useSSL="true">
<sslOptions sslRef="CustomSslNewOptions" />
</wasJmsOutbound>
- To connect to a messaging engine by using secure communication,
specify a secure chain in the remoteServerAddress property of
the connection factory.
<jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
<properties.wasJms
remoteServerAddress="localhost:7286:BootstrapSecureMessaging" />
</jmsQueueConnectionFactory>
- You can also create a custom outbound chain and use it to connect
to the messaging engine.
<keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s" />
<ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>
<wasJmsOutbound id="jmsSecureCustomChain"
useSSL="true">
<sslOptions sslRef="CustomSslNewOptions" />
</wasJmsOutbound>
The jmsSecureCustomChain outbound chain
is now enabled. It uses the CustomSslNewOptions SSL configuration
for its keystore settings.
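The following script is an added example, not part of the original documentation or of Liberty itself. It audits a server.xml for the references this procedure depends on: every sslRef and keyStoreRef must resolve, every remoteServerAddress must name an outbound chain that has useSSL="true", and {xor} keystore passwords are flagged. The sample configuration is constructed, and the ids plainChain and missingSsl are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from a real deployment). Element names
# follow the page; "plainChain" and "missingSsl" are made-up ids.
SAMPLE = """<server>
  <keyStore id="customKeyStore" location="key.jks" type="JKS" password="{xor}NDombm1s"/>
  <ssl id="CustomSslNewOptions" keyStoreRef="customKeyStore"/>
  <wasJmsEndpoint host="*" wasJmsSSLPort="7286">
    <sslOptions sslRef="CustomSslNewOptions"/>
  </wasJmsEndpoint>
  <wasJmsOutbound id="jmsSecureCustomChain" useSSL="true">
    <sslOptions sslRef="missingSsl"/>
  </wasJmsOutbound>
  <wasJmsOutbound id="plainChain" useSSL="false"/>
  <jmsQueueConnectionFactory jndiName="jndi_JMS_BASE_QCF">
    <properties.wasJms remoteServerAddress="localhost:7286:plainChain"/>
  </jmsQueueConnectionFactory>
</server>"""

def audit(xml_text):
    """Return a list of findings for the JMS SSL wiring in a server.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    keystores = {k.get("id"): k for k in root.iter("keyStore")}
    ssl_ids = {s.get("id") for s in root.iter("ssl")}
    for s in root.iter("ssl"):
        if s.get("keyStoreRef") not in keystores:
            findings.append(f"ssl '{s.get('id')}': keyStoreRef does not resolve")
    # {xor} is obfuscation only: anyone who can read server.xml can recover it.
    for k in keystores.values():
        if (k.get("password") or "").startswith("{xor}"):
            findings.append(f"keyStore '{k.get('id')}': {{xor}} password is reversible encoding")
    secure = {"BootstrapSecureMessaging"}  # default secure chain named on the page
    for tag in ("wasJmsEndpoint", "wasJmsOutbound"):
        for el in root.iter(tag):
            name = el.get("id") or tag
            if tag == "wasJmsOutbound" and el.get("useSSL", "").lower() == "true":
                secure.add(name)
            for o in el.iter("sslOptions"):
                if o.get("sslRef") not in ssl_ids:
                    findings.append(f"{name}: sslRef '{o.get('sslRef')}' does not resolve")
    for p in root.iter("properties.wasJms"):
        for triplet in p.get("remoteServerAddress", "").split(","):
            parts = triplet.strip().rsplit(":", 2)  # host:port:chain
            if len(parts) < 3 or parts[2] not in secure:
                findings.append(f"remoteServerAddress '{triplet}': chain is not a secure outbound chain")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```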