Resolution:
Description:
============
Configuring JMSQueueSession with JNDI_SSL takes advantage of both the EMS connection management provided by JNDI and data-safety between SAP adapter, EMS and BW brought by SSL together.

Resolution:
============
Under JNDI_SSL mode, the adapter will first SSL-connect to the EMS JNDI Server to get the connection from ConnectionFactory and then will use the connection acquired to SSL-connect to the EMS server.

Configuration on the EMS side:

In tibemsd.conf file add below configurations,

#open SSL port
listen=ssl://7243

#EMS server’s certificate for its identity.
ssl_server_identity     =E:/Temp/Certs/EMS_LOCALDEV_selfsigned.pem
#Private key for ssl_server_identity
ssl_server_key          =E:/Temp/Certs/EMS_LOCALDEV_key.pem
#Password to retrieve ssl_server_key
ssl_password            =password

In factories.conf, make the following configurations for the ConnectionFactory will be used in “JNDI Conn. Factory Name”.

[QueueConnectionFactory]
  type                     = queue
  url                      = ssl://7243
  connect_attempt_count    = 8000
  connect_attempt_delay    = 15000
  connect_attempt_timeout  = 10000
  reconnect_attempt_count  = 8000
  reconnect_attempt_delay  = 15000
  reconnect_attempt_timeout= 10000
  ssl_verify_host=false
  ssl_trusted=E:/Temp/Certs4/EMS_LOCALDEV_selfsigned.pem

Make sure the tibemsd.conf and factories.conf are adopted by the EMS server and restart it.


Configuration on Designer side:

Locate the JMSSession for corresponding Endpoint under the R3AdapterConfiguration70/Advanced/Sessions folder. Check the “Use SSL” option, click “Configure SSL”. In the Basic Tab, fill the location of the folder containing the imported Server certificate in the “Trusted Certificates Folder”. In the Advance Tab, uncheck “Verfiy Host Name” option.

For a detailed reference, see the attached file TestSSL_JNDI.zip.