Configuring a bus to allow client SSL authentication
You can configure a service integration bus so that connecting JMS client applications can authenticate by using Secure Sockets Layer (SSL) certificates.
Before you begin
- Administrative security is enabled. For more information, see Enabling security.
- A stand-alone Lightweight Directory Access Protocol (LDAP) user registry has been configured for storing user and group IDs. To access the user registry, you must know a valid user ID that has the administrative role and its password, the host and port of the registry server, and the base distinguished name (DN). For more information, see Configuring Lightweight Directory Access Protocol user registries.
- Bus security is enabled. For more information, see Disabling bus security.
- JMS client applications have been configured to authenticate by using client SSL certificates.
About this task
Procedure
- Use the administrative console to define certificate filters to map an SSL certificate to an entry in the LDAP server. For more information, see Creating a Secure Sockets Layer configuration. The client SSL certificate is mapped to a user ID in the user registry.
- Create a separate SSL configuration file for each endpoint address of a server, bus member, or cluster on the bus, and select the option that requires client authentication. For more information, see Creating a Secure Sockets Layer configuration.
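The following added example (not product code and not part of the original topic) illustrates the mapping in the first step: a certificate filter such as uid=${SubjectCN} is expanded against the client certificate's subject DN to produce the LDAP search filter that locates the user entry. The function names, the simplified DN parsing, and the sample DN are assumptions made for illustration; values are escaped per RFC 4515 so that characters in a certificate field cannot alter the search.

```python
import re

# RFC 4515 characters that must be escaped inside an LDAP filter value.
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
SAMPLE_DN = "CN=jmsclient01,OU=Messaging,O=Example Corp,C=US"  # constructed sample


def parse_subject_dn(dn):
    """Split a simple DN string into {ATTRIBUTE: value}; backslash-escaped commas are kept."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        # Keep the first occurrence of a repeated attribute and undo backslash escapes.
        attrs.setdefault(key.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip()))
    return attrs


def escape_filter_value(value):
    """Escape a value for safe use inside an LDAP search filter."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def expand_certificate_filter(template, subject_dn):
    """Replace ${Subject<attr>} placeholders with escaped values from the subject DN."""
    attrs = parse_subject_dn(subject_dn)

    def substitute(match):
        name = match.group(1)
        if name == "SubjectDN":
            return escape_filter_value(subject_dn)
        if name.startswith("Subject") and name[7:].upper() in attrs:
            return escape_filter_value(attrs[name[7:].upper()])
        # Fail closed: a certificate without the mapped field must not match anyone.
        raise ValueError(f"certificate has no value for ${{{name}}}")

    return "(" + re.sub(r"\$\{(\w+)\}", substitute, template) + ")"


if __name__ == "__main__":
    print(expand_certificate_filter("uid=${SubjectCN}", SAMPLE_DN))
```

A filter should resolve to exactly one registry entry; if the mapped certificate field is not unique across users, choose a more specific field.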