Products | Versions |
---|---|
TIBCO iProcess Engine (Oracle) | 11.8.0 |
Product Name : TIBCO iProcess(R) Engine (Oracle)
Release Version : 11.8.0_HF-002
Release Date : August 2020
=======================================================
Closed Issue in 11.8.0_HF-002 (This Release)
Defect Id: IPE-5330 (Parent IPE-5277)
IAPJMS to connect with EMS over SSL.
Corrected.
Note: If you need to configure SSL for EMS connection then, follow the below mentioned steps.
a. Back up the following existing files to a safe location that should be outside of the $SWDIR directory:
- $SWDIR/etc/iapjms.properties
- $SWDIR/etc/iapjms_classpath.properties
b. Update $SWDIR/etc/iapjms.properties file - add entries required to enable SSL.
Following is the FULL list of properties that are supported by IAPJMS for connecting EMS over SSL:
IAPJMSConnect.SecurityProtocol
IAPJMSConnect.SSLEnableVerifyHost
IAPJMSConnect.SSLEnableVerifyHostName
IAPJMSConnect.SSLExpectedHostName
IAPJMSConnect.SSLTrustedCertificates
IAPJMSConnect.SSLIdentity
IAPJMSConnect.SSLPassword
IAPJMSConnect.SSLTrace
IAPJMSConnect.SSLDebugTrace
IAPJMSConnect.SSLVendor
IAPJMSConnect.SSLAuthOnly
IAPJMSConnect.SSLPrivateKey
IAPJMSConnect.SSLPrivateKeyEncoding
IAPJMSConnect.SSLIdentityEncoding
IAPJMSConnect.SSLIssuerCertificates
IAPJMSConnect.SSLCipherSuites
IAPJMSConnect.SSLHostNameVerifier
Here is an example of an EMS over SSL enabled iapjms.properties file:
IAPJMSConnect.InitialContextFactory=com.tibco.tibjms.naming.TibjmsInitialContextFactory
IAPJMSConnect.InitialURL=tibjmsnaming://ems-host:7243
IAPJMSConnect.TopicConnectionFactory=SSLTopicConnectionFactory
IAPJMSConnect.SecurityPrinciple=NR
IAPJMSConnect.SecurityCredentials=NR
IAPJMSConnect.SecurityEncryption=PLAIN
IAPJMSConnect.Persistent=Y
IAPJMSConnect.Priority=4
IAPJMSConnect.TimeToLive=0
IAPJMSConnect.SecurityProtocol=ssl
IAPJMSConnect.SSLEnableVerifyHost=true
IAPJMSConnect.SSLEnableVerifyHostName=true
IAPJMSConnect.SSLExpectedHostName=server
IAPJMSConnect.SSLTrustedCertificates=/swserver/EMS/certs/server_root.cert.pem
IAPJMSConnect.SSLIdentity=/swserver/EMS/certs/client_identity.p12
IAPJMSConnect.SSLPassword=<encrypted password>
IAPJMSConnect.SSLTrace=true
c. Update $SWDIR/etc/iapjms_classpath.properties file. (This step is applicable for EMS version 8.3 or below. This step is required only for applicable versions of EMS. Eg., tibcrypt.jar, slf4j-simple-1.5.2.jar,slf4j-api-1.5.2.jar are not available from EMS 8.4.)
- Copy the slf4j related jars from EMS installation host to the <classpath.basedir.ems> location on IPE host.
- Append slf4j jars to <classpath.ems.1> property.
Here is an example iapjms_classpath.properties file :
classpath.basedir.ems=/swserver/EMS/libs
classpath.ems.1=jms-2.0.jar,tibjms.jar,tibjmsadmin.jar,tibcrypt.jar,slf4j-simple-1.5.2.jar,slf4j-api-1.5.2.jar
d. If step #b requires <IAPJMSConnect.SSLPassword> property, run swconfig tool to generate and set encrypted password to <IAPJMSConnect.SSLPassword>, that directly updates in $SWDIR/etc/iapjms.properties file.
swconfig -s
=======================================================
NOTE: See attached Readme document for installation instructions.