How to define multiple trusted certificates in a jndi.properties file?

Article ID: KB0084438

Products: TIBCO Enterprise Message Service
Versions: Not Applicable

Description

When doing a JNDI lookup over SSL with the JNDI properties configured in the jndi.properties file, how do you define multiple trusted certificates?

Symptoms:
N/A
Cause:
N/A

Issue/Introduction

How to define multiple trusted certificates in a jndi.properties file?

Resolution

If the SSL connection needs multiple trusted certificates, combine the root and intermediate trusted certificates into one .pem file and set the com.tibco.tibjms.naming.ssl_trusted_certs entry to that file.

Example:


CAcert.pem   --- root trusted certificate for the EMS server's certificate.
ca1.cert.pem  --- intermediate trusted certificate for the EMS server's certificate.


On UNIX:


cat CAcert.pem ca1.cert.pem > ca1_complete.pem


On Windows:


type CAcert.pem ca1.cert.pem > ca1_complete.pem


Then define:


com.tibco.tibjms.naming.ssl_trusted_certs=<path>/ca1_complete.pem


The complete jndi.properties file looks like the following:


===========
java.naming.factory.initial=com.tibco.tibjms.naming.TibjmsInitialContextFactory
java.naming.factory.url.pkgs=com.tibco.tibjms.naming
java.naming.provider.url=ssl://localhost:7243
java.naming.factory.object=TestOF:com.tibco.tibjms.naming.TibjmsObjectFactory

com.tibco.tibjms.naming.ssl_identity=<client identity>
com.tibco.tibjms.naming.ssl_password=<password for the client private key>
com.tibco.tibjms.naming.ssl_expected_hostname=<CN field of the server’s certificate>
com.tibco.tibjms.naming.ssl_trusted_certs=<trusted certificate>
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_trace=true
=============
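
The concatenation step above has one failure mode worth checking before pointing ssl_trusted_certs at the result: if the first input file has no trailing newline, a plain cat or type leaves the END and BEGIN markers fused on one line, which PEM parsers may not read as two certificates. The script below is an added example, not TIBCO code; the function names are hypothetical, the certificate bodies are constructed placeholders, and the check is structural only (it does not validate the certificates themselves).

```shell
#!/bin/sh
# Added example: build and structurally check a PEM trust bundle.
# Function names are illustrative; the certificate bodies below are
# constructed placeholders, not real certificates.

# combine_pem OUT IN...: concatenate, adding a newline after any input lacking one.
combine_pem() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        cat "$f" >> "$out"
        # $(...) strips a trailing newline, so non-empty means none was present.
        [ -z "$(tail -c 1 "$f")" ] || printf '\n' >> "$out"
    done
}

# count_pem_certs FILE: number of BEGIN markers alone on their line (CRLF tolerated).
count_pem_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----[[:space:]]*$' "$1" || true
}

# check_pem_bundle FILE: succeed only if every marker sits on its own line.
check_pem_bundle() {
    begins=$(count_pem_certs "$1")
    ends=$(grep -c '^-----END CERTIFICATE-----[[:space:]]*$' "$1" || true)
    # Every BEGIN occurrence, including ones fused onto a previous END line.
    raw=$(grep -o -e '-----BEGIN CERTIFICATE-----' "$1" | wc -l | tr -d ' ')
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ] && [ "$raw" -eq "$begins" ]
}

# Constructed inputs: the root file has no trailing newline, as some exports do.
work=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Uk9PVA==' \
    '-----END CERTIFICATE-----' > "$work/CAcert.pem"
printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'SU5URVJNRURJQVRF' \
    '-----END CERTIFICATE-----' > "$work/ca1.cert.pem"

cat "$work/CAcert.pem" "$work/ca1.cert.pem" > "$work/plain_cat.pem"   # fused markers
combine_pem "$work/ca1_complete.pem" "$work/CAcert.pem" "$work/ca1.cert.pem"

for b in plain_cat.pem ca1_complete.pem; do
    if check_pem_bundle "$work/$b"; then
        echo "$b: OK, $(count_pem_certs "$work/$b") certificates"
    else
        echo "$b: malformed bundle"
    fi
done
```

Run check_pem_bundle against the real ca1_complete.pem and confirm the certificate count matches the number of files combined.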