You can configure JMS client applications to
authenticate to the bus by using client Secure Sockets Layer (SSL) authentication.
Before you begin
- You have already obtained a Secure Sockets Layer (SSL) certificate for
the JMS client application.
- The JMS client application is already configured to use SSL. For more
information, see ssl.client.props client configuration file
About this task
This task has two objectives. First, you install the SSL certificate
for the client application in the key store for the application client. Secondly,
you modify the sib.client.ssl.properties file to use client SSL authentication.
You use the Key Management (iKeyman) utility to work with SSL certificates.
The iKeyman user interface is Java-based and uses the Java support
that is installed with IBM
® HTTP Server.
Take the following steps to configure
a JMS client application to use client SSL authentication:
Procedure
-
Start the iKeyman user interface.
Refer to the iKeyman
User Guide available from IBM developer kits for more information about using
iKeyman.
-
When prompted, select the key store for the JMS client application.
-
When prompted for the type off certificate to work with, select
the option Personal certificates.
A list
of personal certificates is displayed.
-
Select that you want to import a certificate to the selected key
store.
-
When prompted, type the location and name for the certificate.
You can provide an alias for the certificate.
The
certificate is installed into the keystore of the client application.
-
Close the iKeyman user interface.
-
Open a text editor to work with the sib.client.ssl.properties properties
file. This file is located in the profile_root/properties directory
of the application server installation, where profile_root is the directory
in which profile-specific information is stored.
-
Set the value for the property com.ibm.ssl.client.clientAuthentication to True.
-
Set the value for the property com.ibm.ssl.client.keyStoreClientAlias to
the alias name for the certificate in the client key store.
-
Save the sib.client.ssl.properties properties
file.
Results
You have now configured a JMS client application to use client SSL
authentication.