Products | Versions |
---|---|
TIBCO ActiveMatrix BusinessWorks Plug-in for Database | 7.2 |
1). TIBCO ActiveMatrix Adapter Framework 1.3.0_HF-002 needs to support an SSL connection. The following steps are based on the sample certificate files provided by EMS.
2). Settings on the EMS server side:
listen = ssl://7243
ssl_server_identity = <EMS_HOME>/samples/certs/server.cert.pem
ssl_server_key = <EMS_HOME>/samples/certs/server.key.pem
ssl_password = $man$WjtSRCpaXu7hoTkDlcEPr6KNKRr
ssl_server_trusted = <EMS_HOME>/samples/certs/client_root.cert.pem
3). Settings on the Adapter side:
a). Replace the Provider URL with the module property "JmsSslProviderUrl".
b). Select "Use SSL", then click "Configure SSL" to open the SSL configuration.
c). Configure the "Trusted Certificates Folder"
Create a folder (example: "Certs") under the project and copy the trusted certificate file (server_root.cert.pem) to the folder. Rename the file by removing ".pem". Configure "Trusted Certificates Folder" to the folder created under the project.
d). If Mutual Authentication is disabled (ssl_require_client_cert=false), leave "Client Identity", "Client Key Alias" and "Client Key Password" empty.
e). If Mutual Authentication is enabled (ssl_require_client_cert=true):
Download and run Portecle, which is third-party software. Create a new blank keystore called in JKS format. Click the "Import Trusted Certificates" button and import the trusted certificate (server_root.cert.pem) into the keystore. This is the public key of the entity (server_root) that signed the certificates used on the server side. Click the "Import Key pair" button and import the identity file (client_identity.p12). Provide the password ("password"). Set the alias to "client_identity". Save the keystore with the password "password".
Right-Click on the "Resources" and create a new "KeyStore Provider Resource". Set the "URL" as the absolute path of the above JKS file. Set the "Password" as "password" and the "Type" as "JKS" and save the project.
Configure "Client Identity" with the "KeyStore Provider Resource", "Client Key Alias" with "client_identity", and "Client Key Password" with "password".
f). Specify the RuntimeCertificatesDirectory module property with a value to indicate the directory in which all trusted certificates are stored.
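
As an added example (not TIBCO's code), the following Python check reads server-side settings like those in step 2 and flags what should change before the setup leaves the sample stage: sample certificate paths, a non-SSL listener, and mutual authentication left off. The finding labels, the accepted "on" spellings, and the treatment of an absent ssl_require_client_cert as disabled are assumptions.

```python
ON = {"true", "enable", "enabled"}  # assumption: spellings treated as "on"

# Constructed sample mirroring the step 2 settings (password is a placeholder).
SAMPLE_CONF = """\
listen = ssl://7243
ssl_server_identity = <EMS_HOME>/samples/certs/server.cert.pem
ssl_server_key = <EMS_HOME>/samples/certs/server.key.pem
ssl_password = $man$PLACEHOLDER
ssl_server_trusted = <EMS_HOME>/samples/certs/client_root.cert.pem
"""

def parse_conf(text):
    """Collect 'key = value' lines into {key: [values]}; '#' lines are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Return finding labels (hypothetical names) for the SSL settings in text."""
    s, findings = parse_conf(text), []
    listens = s.get("listen", [])
    if not any(v.startswith("ssl://") for v in listens):
        findings.append("no-ssl-listener")
    if any(not v.startswith("ssl://") for v in listens):
        findings.append("plaintext-listener")
    # The sample certificates are distributed with EMS, so their keys are not secret.
    for key in ("ssl_server_identity", "ssl_server_key", "ssl_server_trusted"):
        if any("samples/certs" in v.replace("\\", "/") for v in s.get(key, [])):
            findings.append("sample-cert:" + key)
    # Assumption: an absent ssl_require_client_cert means clients are not verified.
    mutual = s.get("ssl_require_client_cert", ["false"])[-1].lower() in ON
    if not mutual:
        findings.append("mutual-auth-disabled")
    elif not s.get("ssl_server_trusted"):
        findings.append("mutual-auth-without-trusted-ca")
    # The page's ssl_password value carries a "$man$" prefix; flag values without it.
    password = s.get("ssl_password")
    if password and not password[-1].startswith("$man$"):
        findings.append("cleartext-ssl_password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The same reasoning applies on the adapter side: the keystore and key password "password" used in step e) belong to the sample identity and should be replaced along with the certificates.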