
  • Securing JMS message-driven-channel-adapter

    I am using a message-driven-channel-adapter to read messages off an MQ queue, and this has been working fine in development. Now, in preparation for the first production release, I have to read a secured queue instead.

    What do I need to do?

    I think I need to make sure the following are set as system properties, but with what values?


    javax.net.ssl.trustStore
    javax.net.ssl.trustStorePassword
    javax.net.ssl.keyStore
    javax.net.ssl.keyStorePassword


    I get the connectionFactory from JNDI and it has the SSLCipherSuite set.

    I have been given a clear text password and a JKS file that contains both the keystore and the truststore.

    What do I need to do next?

  • #2
    I spent a few hours just yesterday sorting this out.
    This is what you need to do:
    1) Use keytool to generate a truststore. Follow those steps and also remember the truststore password, coz you will need this.

    2) Grab binary der format certificate from your bus administrator.

    3) Use keytool to import that certificate into your truststore.

    4) You can ignore the keystore if you don't want mutual authentication.

    5) To begin with, set these system properties. If everything works, you can set them in your application startup script, like catalina.bat:
    javax.net.ssl.trustStoreType=BKS
    javax.net.debug=ssl
    javax.net.ssl.trustStore=c:\keystore (this, you need it from step 1)
    javax.net.ssl.trustStorePassword=<<password>> (again from step 1)


    6) The remaining stuff is configuring your connection factory with username/password

    Hope this is clear.

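As an added example (not code from either post), the following Java helper covers the case in the question, where one JKS file holds both the trusted certificates and the client key: it lists what the store actually contains and then sets the `javax.net.ssl.*` properties from it. The class name `JmsTlsSetup`, the `JMS_STORE_PASSWORD` environment variable and the choice of `JKS` as the store type are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: JmsTlsSetup and JMS_STORE_PASSWORD are hypothetical names.
public class JmsTlsSetup {

    /** Inspects the JKS file, then points the JSSE system properties at it. */
    static void configure(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // IOException here: wrong password or damaged file
        }
        int trusted = 0, keys = 0;
        for (String alias : Collections.list(store.aliases())) {
            boolean isKey = store.isKeyEntry(alias);
            if (isKey) keys++; else trusted++;
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                x509.checkValidity(); // throws if expired or not yet valid
                System.out.printf("%-12s alias=%s subject=%s notAfter=%s%n",
                        isKey ? "private key" : "trusted cert", alias,
                        x509.getSubjectX500Principal().getName(), x509.getNotAfter());
            }
        }
        if (trusted == 0) {
            System.err.println("warning: no trusted certificate entries; import the bus certificate (step 3)");
        }
        System.setProperty("javax.net.ssl.trustStoreType", "JKS");
        System.setProperty("javax.net.ssl.trustStore", path);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(password));
        if (keys > 0) { // a client key is only needed for mutual authentication (step 4)
            System.setProperty("javax.net.ssl.keyStoreType", "JKS");
            System.setProperty("javax.net.ssl.keyStore", path);
            System.setProperty("javax.net.ssl.keyStorePassword", new String(password));
        }
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("JMS_STORE_PASSWORD");
        if (args.length != 1 || password == null) {
            System.err.println("usage: JMS_STORE_PASSWORD=... java JmsTlsSetup <store.jks>");
            System.exit(2);
        }
        configure(args[0], password.toCharArray());
    }
}
```

In an application, `configure()` has to run before the first TLS connection is opened, because the JVM's default SSL context reads these properties only when it is first created.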