Resolution:
Environment
==========
All

Resolution:
==========
This demo uses sample certificates provided with the EMS v7.0 installation. The sample certificates that come with an earlier EMS version may have expired.

Step 1: Modify EMS server master configuration file (tibems.conf):

- enable SSL port 7243 and specify SSL parameters.
listen                  = ssl://<host>:7243

ssl_require_client_cert = true or false

ssl_server_identity     = certs/server.cert.pem
ssl_server_key          = certs/server.key.pem
ssl_password        = password
ssl_server_issuer       = certs/server_root.cert.pem
ssl_server_trusted      = certs/client_root.cert.pem


Step 2: Create SSLTopicConnectionFactory and SSLQueueConnectionFactory in factory.conf
[SSLQueueConnectionFactory]
  type                  = queue
  url                   = ssl://<host>:7243
  ssl_verify_host       = disabled
  
[SSLTopicConnectionFactory]
  type                  = topic
  url                   = ssl://<host>:7243
  ssl_verify_host       = disabled


Step 3: Start EMS server and make sure it is active and listening on SSL port 7243. You should see the following messages on the EMS console:

Accepting connections on tcp://<host>:7222.
Accepting connections on ssl://<host>:7243.
Server is active.


Step 4: Create TIBCO BusinessWorks project.

Create a trusted certificate folder, import server.cert.pem and server_root.cert.pem to the folder.

Create an identity resource, select "Identity File" type, select client_identity.p12 file.

Create a JMS connection resource, enable SSL, in SSL configuration, select the newly created trusted certificate folder and identity.

In the JMS connection resource's Advanced tab, change TopicConnectionFactory to SSLTopicConnectionFactory and QueueConnectionFactory to SSLQueueConnectionFactory.

In the JMS connection resource's JNDI Context URL field, change the default to ssl://<host>:7243

Test the connection.