There are two approaches to configuring Secure Sockets Layer (SSL) for the Thin Client for JMS with WebSphere® Application Server and the Resource Adapter for JMS with WebSphere Application Server. The global configuration approach affects all stand-alone outbound connections from the process, and the private approach applies only to client or resource adapter connections from the process.
The Thin Client for JMS with WebSphere Application Server and the Resource Adapter for JMS with WebSphere Application Server use the standard Java Secure Socket Extension (JSSE) that all supported JREs provide for making Secure Sockets Layer (SSL) connections. For information about JSSE, see the JSSE documentation.
-Djavax.net.ssl.keyStore=key.p12
-Djavax.net.ssl.keyStorePassword={xor}Lz4sLCgwLTs=
-Djavax.net.ssl.trustStore=trust.p12
-Djavax.net.ssl.trustStorePassword={xor}PSo4LSov
You can use the private configuration approach to specify security settings that are specific to the Thin Client for JMS with WebSphere Application Server or the Resource Adapter for JMS with WebSphere Application Server connections. You can configure the com.ibm.ws.sib.client.ssl.properties system property to specify the location of an IBM SSL properties file. If this system property is not configured, an attempt is made load the properties file from the classpath instead.
IBM SSL property | JRE global property | Default value |
---|---|---|
com.ibm.ssl.keyStoreType | javax.net.ssl.keyStoreType | JKS |
com.ibm.ssl.keyStore | javax.net.ssl.keyStore | None |
com.ibm.ssl.keyManager | javax.net.ssl.keyStoreProvider | IbmX509 |
com.ibm.ssl.trustManager | javax.net.ssl.trustStoreProvider | IbmX509 |
com.ibm.ssl.keyStorePassword | javax.net.ssl.keyStorePassword | None |
com.ibm.ssl.protocol | None | SSL |
com.ibm.ssl.contextProvider | None | IBMJSSE2 |
com.ibm.ws.sib.jsseProvider | None | com.ibm.jsse2.IBMJSSEProvider2 |
com.ibm.ssl.trustStore | javax.net.ssl.trustStore | None |
com.ibm.ssl.trustStoreType | javax.net.ssl.trustStoreType | JKS |
com.ibm.ssl.trustStorePassword | javax.net.ssl.trustStorePassword | None |
com.ibm.ssl.keyStore=/thinclient/key.p12
com.ibm.ssl.keyStoreType=PKCS12
com.ibm.ssl.keyStorePassword=WebAS
com.ibm.ssl.trustStore=/thinclient/trust.p12
com.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStorePassword=WebAS
You can use the PropFilePasswordEncoder tool in the WebSphere Application Server bin directory to encode passwords stored in plain text property files. For further information see Encoding passwords in files.