Sunday, July 18, 2010

1.1 For SSL Communication Support (Integrating WebLogic Server with TIBCO EMS)

Note: This assumes WebLogic Server has already been integrated with TIBCO EMS as described in the previous post.

The MDB deployed on WebLogic Server is already configured to listen to a JMS destination (a Queue in our example; a Topic can be configured in the same way). To add SSL support, we only need to modify the setup slightly, following these steps:

Add the SSL JAR Files and New JNDI Properties File to the CLASSPATH

Add the SSL JAR files and the directory that will hold the new JNDI properties file to the WebLogic Server CLASSPATH by adding the following entries in front of the CLASSPATH variable value in the startup script.

C:\tibco\ems\clients\java\jcert.jar;C:\tibco\ems\clients\java\jnet.jar;C:\tibco\ems\clients\java\jsse.jar;C:\tibco\ems\clients\java\tibcrypt.jar;C:\tibco\EMS\clients\java;

Create a new file named jndi.properties, add the following lines and save it to the directory C:\tibco\EMS\clients\java.

com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false

These properties specify that the "SSL" protocol should be used for JNDI lookups and that host verification is turned off: the client will trust any host, so the connection is encrypted but the server's identity is not verified. JNDI reads this file automatically and adds the properties to the environment of the initial JNDI context.

Configure the TIBCO Enterprise Message Service Server for SSL

In C:\tibco\EMS\bin\tibemsd.conf, add the following lines:

listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222

These lines explicitly set the tcp and ssl listen ports and specify the three required server-side SSL parameters: identity, private key, and password.

Save the file, then stop and restart the TIBCO Enterprise Message Service server. When the server restarts, you should see messages like the following in the console window confirming SSL is enabled:

2010-07-18 10:00:05 Secure Socket Layer is enabled, using openSSL
2010-07-18 10:00:05 Accepting connections on ssl://:7243.
2010-07-18 10:00:05 Accepting connections on tcp://:7222.
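
The settings from the two configuration steps above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that reads the text of jndi.properties and tibemsd.conf and reports settings that weaken the setup. The function names and finding strings are assumptions, and only keys shown in this post are checked.

```python
# Added example (not from the post): audit the two edited files for weak SSL settings.
def parse_kv(text):
    """Parse 'key = value' lines; repeated keys such as 'listen' are kept as a list."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def audit_jndi(text):
    """Findings for jndi.properties: protocol must be ssl, host verification not disabled."""
    s, out = parse_kv(text), []
    prefix = "com.tibco.tibjms.naming."
    if s.get(prefix + "security_protocol", [""])[-1].lower() != "ssl":
        out.append("jndi: security_protocol is not ssl")
    if s.get(prefix + "ssl_enable_verify_host", [""])[-1].lower() == "false":
        out.append("jndi: host verification is off, the client trusts any host")
    return out

def audit_tibemsd(text):
    """Findings for tibemsd.conf: listeners, identity/key presence, password in file."""
    s, out = parse_kv(text), []
    listens = s.get("listen", [])
    if not any(u.lower().startswith("ssl://") for u in listens):
        out.append("tibemsd: no ssl:// listener")
    out += ["tibemsd: plaintext listener " + u
            for u in listens if u.lower().startswith("tcp://")]
    out += ["tibemsd: missing " + k
            for k in ("ssl_server_identity", "ssl_server_key") if k not in s]
    if "ssl_password" in s:
        out.append("tibemsd: private key password is stored in the config file")
    return out

# Sample inputs: the exact lines given in this post.
JNDI_SAMPLE = """\
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
"""
TIBEMSD_SAMPLE = """\
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
"""
if __name__ == "__main__":
    for finding in audit_jndi(JNDI_SAMPLE) + audit_tibemsd(TIBEMSD_SAMPLE):
        print(finding)
```

Run against the files as configured here, it reports the disabled host verification, the tcp://localhost:7222 listener that still accepts unencrypted connections, and the private key password kept in tibemsd.conf.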

Now modify the foreign JMSConnectionFactory in WebLogic to point to an SSLConnectionFactory

Open the TIBCO_JMSServer properties under Services > Messaging > JMS Modules > MySystemModule > TIBCO_JMSServer in the WebLogic Administration Console and change the "JNDI Connection URL" to "tibjmsnaming://localhost:7243".

Modify the Example Client Program for SSL-Based Communication

In "MyClient.java", change the value of "PROVIDER_URL" to "tibjmsnaming://localhost:7243".

We are now done with the modifications for SSL support. To show that SSL communication is in fact occurring, you could remove the SSL settings you added to tibemsd.conf, then restart the TIBCO Enterprise Message Service server and the WebLogic Server. If you check the WebLogic Server logs, you should see exceptions indicating that it could not connect. If you now run "MyClient.java" again, you should see it throw an exception indicating that it could not connect to the server using the SSL protocol. Alternatively (or additionally), you could start the TIBCO Enterprise Message Service server from a command prompt window and turn SSL debug tracing on, as follows:

>tibemsd -ssl_debug_trace

Then, if you re-start WebLogic Server and re-run the test program, you will see SSL debugging output on the tibemsd console window.

6 comments:

  1. This is really a helpful thing I was looking for for quite a long time... Looks like you have been working on middleware architecture; can you please write something about the different architectures?

    /Thomas

  2. Can you post something about SOA?

  3. For SOA, you can check this post: http://saumajitdas.blogspot.com/2011/09/soa-concept-and-role-of-esb-in-it-this.html

  4. Configured JMSAdapter to connect to Tibco EMS via SSL, got the following error, any ideas?

    <28/09/2011 10:32:37 AM EST>
    <28/09/2011 10:32:37 AM EST> (JMSConnection.java:117)
    at oracle.tip.adapter.jms.JmsManagedConnectionFactory.createConnection(JmsManagedConnectionFactory.java:371)
    at oracle.tip.adapter.jms.JmsManagedConnectionFactory.createDefaultConnection(JmsManagedConnectionFactory.java:364)
    at oracle.tip.adapter.jms.JmsManagedConnectionFactory.createConnection(JmsManagedConnectionFactory.java:327)
    at oracle.tip.adapter.jms.JmsManagedConnectionFactory.createManagedConnection(JmsManagedConnectionFactory.java:95)
    at weblogic.connector.security.layer.AdapterLayer.createManagedConnection(AdapterLayer.java:803)
    at weblogic.connector.outbound.ConnectionFactory.createResource(ConnectionFactory.java:91)
    at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResourceInternal(ResourcePoolImpl.java:395)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:332)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:315)
    at weblogic.connector.outbound.ConnectionPool.reserveResource(ConnectionPool.java:620)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:309)
    at weblogic.connector.outbound.ConnectionManagerImpl.getConnectionInfo(ConnectionManagerImpl.java:365)
    at weblogic.connector.outbound.ConnectionManagerImpl.getConnection(ConnectionManagerImpl.java:320)
    at weblogic.connector.outbound.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:129)
    at oracle.tip.adapter.jms.JmsConnectionFactory.getConnection(JmsConnectionFactory.java:93)
    at oracle.tip.adapter.jms.JMS.JMSMessageConsumer.createConsumer(JMSMessageConsumer.java:318)
    at oracle.tip.adapter.jms.JMS.JMSMessageConsumer.init(JMSMessageConsumer.java:913)
    at oracle.tip.adapter.jms.inbound.JmsConsumer.init(JmsConsumer.java:862)
    at oracle.tip.adapter.jms.JmsEndpoint.run(JmsEndpoint.java:163)
    at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:105)
    at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
    at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused by: javax.jms.JMSSecurityException: Can not initialize SSL client: no trusted certificates are set
    at com.tibco.tibjms.TibjmsxLinkSSL._initSSL(TibjmsxLinkSSL.java:298)
    at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:399)
    at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1002)
    at com.tibco.tibjms.TibjmsConnection.<init>(TibjmsConnection.java:2707)
    at com.tibco.tibjms.TibjmsQueueConnection.<init>(TibjmsQueueConnection.java:36)
    at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:186)
    at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:239)
    at com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection(TibjmsQueueConnectionFactory.java:87)
    at oracle.tip.adapter.jms.JMS.JMSConnection.init(JMSConnection.java:197)
    ... 24 more

