7.1 Configuring JMS over SSL in Connect (TIBCO)

Required Jars for JMS Configuration

In order to cofnigure JMS using TIBCO, you will require the following jars:

  • jms-2.0.jar

  • slf4j-api-1.4.2.jar

  • slf4j-simple-1.4.2.jar

  • tibcrypt.jar

  • tibemsd_sec.jar

  • tibjms.jar

  • tibjmsadmin.jar

  • tibjmsapps.jar

  • tibjmsufo.jar

  • tibrvjms.jar


These jars should be provided to you from your MQ team.


Configuring JMS Using TIBCO

To configure JMS using TIBCO:

  1. On the CONNECT internal node, create a folder called 'jms' in kc/import and copy the above .jar files into this directory

  2. Append the classpath in crm.env to include all of the above files

  3. Copy the appropriate certificates to kc/import (client_identify.p12 and server_root.cert.pem)

  4. Create a text file called jndi.properties in the /kc directory and copy the following text. This edits the certificate and identifies locations to point to appropiate path:

    com.tibco.tibjms.naming.security_protocol=ssl
    com.tibco.tibjms.naming.ssl_enable_verify_host=false
    com.tibco.tibjms.naming.ssl_enable_verify_hostname=false
    com.tibco.tibjms.naming.ssl_vendor=j2se
    com.tibco.tibjms.naming.ssl_expected_hostname=server
    com.tibco.tibjms.naming.ssl_identity=d:/client_identity.p12 (Edit path and name)
    com.tibco.tibjms.naming.ssl_password=password
    com.tibco.tibjms.naming.ssl_trusted_certs=d:/server_root.cert.pem (Edit path and name)
    #DEBUG
    com.tibco.tibjms.naming.ssl_trace=true
    com.tibco.tibjms.naming.ssl_debug_trace=true
    com.tibco.tibjms.debug=true
    com.tibco.tibjms.ssl.debug.trace=true
    com.tibco.tibjms.ssl.trace=true

  5. Copy the Java Cryptography Extension (JCE) Unlimited Strength Jursidiction Policy files for Java 7 (local_policy.jar and US_export_policy.jar) to the inside nodes Java directory kc/java/lib/security .

    The files can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html.

  6. Restart the runmonitor.sh process:

    1. As root run /etc/rc3.d/S80Connect stop

    2. Run /etc/rc3.d/S80Connect start

  7. Create the Connection Factory in Connect

  8. Restart all the Connect nodes through the UI

  9. Start the Connection Factory in Connect