Configure secured JMS

This topic describes how to configured secured JMS if you are using a Tibco EMS SSL connection.

Server-side configuration

On your secured JMS server machine:

  1. Obtain any certificates required from your server administrator. For example, you may need files similar to the following:

    • server_root.cert.pem
    • client_identity.cert.pem
    • server_root.cert.pem
    • server.cert.pem
    • server.key.pem
    • client_root.cert.pem

  2. Locate and open the factories.conf file for editing. This file is located in the server installation directory.

  3. In the factories.conf file, define your JMSConnectionFactory settings.

    Define the following:

    • type = queue
    • url = the binding SSL URL
    • ssl_trusted = the path to the server-side certificate
    • ssl_verify_host = false

    For example

    [JMSConnectionFactory]

    type = queue

    url = ssl://localhost:7243

    ssl_trusted = C:\...\server_root.cert.pem

    ssl_verify_host = false

  4. Continue editing the factories.conf file to create the direct SSL factory.

    Define the following:

    • ssl_identity = the path to the client-side certificate
    • ssl_trusted = the path to the server-side certificate

    For example:

    [SSLQueueConnectionFactory]

    type = queue

    url = ssl://localhost:7243

    ssl_identity = C:\...\client_identity.cert.pem

    ssl_trusted = C:\...\server_root.cert.pem

  5. Locate and open the tibemsd.conf file for editing. This file is located in the server installation directory.

  6. In the tibemsd.conf file, define the following values:

    • authorization = enabled
    • listen = the binding SSL URL
    • track_message_ids = enabled
    • ssl_server_identity = the path to the server-side certificate
    • ssl_server_key = the path to the server-side key
    • ssl_password = the password associated with the server-side key
    • ssl_server_trusted = the path to the client certificate

    For example:

    authorization = enabled

    listen = ssl://localhost:7243

    track_message_ids = enabled

    ssl_server_identity = C:\...\server.cert.pem

    ssl_server_key = C:\...\server.key.pem

    ssl_password = ***

    ssl_server_trusted =C:\...\client_root.cert.pem

  7. Configure a user and group on the server side:

    1. Launch the Start EMS Administration tool and log in.
    2. Create a group, and add your user to the new group.
    3. Grant the new group privileges to access the queue.

    For example, after logging in, run the following commands:

    create group securegroup

    add member securegroup admin

    grant queue inQueue group=securegroup send

    grant queue inQueue group=securegroup receive

    grant queue inQueue group=securegroup browse

Back to top

Client-side configuration

On your OpenText Functional Testing machine:

  1. Copy any relevant .jar files from the EMS server machine to the OpenText Functional Testing machine.

  2. Edit your Test Settings values. For example:

    In this example, the Classpath value is set to:

    C:\HP\tibco\ems\6.1\lib\jms.jar;C:\HP\tibco\ems\6.1\lib\slf4j-api-1.4.2.jar;C:\HP\tibco\ems\6.1\lib\slf4j-simple-1.4.2.jar;C:\HP\tibco\ems\6.1\lib\tibcrypt.jar;C:\HP\tibco\ems\6.1\lib\tibemsd_sec.jar;C:\HP\tibco\ems\6.1\lib\tibjms.jar;C:\HP\tibco\ems\6.1\lib\tibjmsadmin.jar;C:\HP\tibco\ems\6.1\lib\tibjmsapps.jar;C:\HP\tibco\ems\6.1\lib\tibjmsufo.jar;C:\HP\tibco\ems\6.1\lib\tibrvjms.jar

    For more details, see Test Settings Tab (Properties Pane - API Testing).

    3. Back to top