Multikey JKS store

Multikey JKS store

book

Article ID: KB0082274

calendar_today

Updated On:

Products Versions
TIBCO Enterprise Message Service 8.4.0

Description

EMS 8.4  Java client has been redesigned to remove dependency on the legacy tibcrypt.jar library and is now completely dependent on the standard JSSE.
When using the .jks file store, it is not required for passing an alias name so as to set the client side identity ( private key & public certificate ).

 

Issue/Introduction

Up to EMS 8.3.0 Java client API do do not have provision to set the client side identity (private key & public certifcate) by passing an alias name. But from EMS 8.4.0 Java API client it is not required to pass the alias

Environment

ALL

Resolution

We have a jks keystore that contains multiple aliases, only one of them has its issuer trusted by the EMS server, the Java client is able to pick up the right alias -- according to the trusted certificate list sent from server during the SSL handshake.

Here are the test steps:

# EMS server configuration ( The server does NOT have to be 8.4, we tried it with 8.2   and 8.,  and  it worked well )

ssl_server_trusted      = ../samples/certs/client_root.cert.pem
ssl_server_identity     = ../samples/certs/server.cert.pem
ssl_server_key          = ../samples/certs/server.key.pem
ssl_password            = $man$WjtSRCpaXu7hoTkDlcEPr6KNKRr

# Client / using the standard EMS sample for SSL testing

"C:\Program Files\Java\jdk1.8.0_131\bin\java"  tibjmsSSL  -ssl_identity e:\tibco\ems\8.4\samples\certs\new.jks -ssl_password password  -ssl_trace -ssl_debug_trace

Attachments

Multikey JKS store get_app
Powered by Wolken Software