How can I configure SSL password when I use JNDI to lookup connection factory
Article ID: KB0086648
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
When you use JNDI lookup a connection factory, there is no way to define ssl_password parameter within factories.conf.
For example, this is a sample connection factory defined in factories.conf:
[SSLTopicConnectionFactory]
type = topic
url = ssl://localhost:7243
ssl_identity = c:\tibco\ems43_GA\bin\certs\client_identity.p12
ssl_verify_host = disabled
ssl_expected_hostname = disabled
Since we can't set ssl_password within the connection factory according to the security reason, EMS will attempt to use the password that is provided in createconnection() call which is the password you specified for the username. If the user password is different with ssl_password, the connection will fail. So that in your case, to workaround this issue, you can create a EMS user which is the same as the common name extracted from the client certificate with the same password as ssl_password.
When you use JNDI lookup a connection factory, there is no way to define ssl_password parameter within factories.conf.
For example, this is a sample connection factory defined in factories.conf:
[SSLTopicConnectionFactory]
type = topic
url = ssl://localhost:7243
ssl_identity = c:\tibco\ems43_GA\bin\certs\client_identity.p12
ssl_verify_host = disabled
ssl_expected_hostname = disabled
Since we can't set ssl_password within the connection factory according to the security reason, EMS will attempt to use the password that is provided in createconnection() call which is the password you specified for the username. If the user password is different with ssl_password, the connection will fail. So that in your case, to workaround this issue, you can create a EMS user which is the same as the common name extracted from the client certificate with the same password as ssl_password.
Issue/Introduction
How can I configure SSL password when I use JNDI to lookup connection factory
Feedback
Yes
No
Powered by
