Configure SSL between an Application and a TIBCO EMS Broker

To configure SSL/TLS between an application and a TIBCO EMS broker, follow the steps below. They are grouped into broker-side setup, client-side setup, and validation.

1. Prepare Certificates and Keystores

  • Generate a server certificate for the EMS broker (signed by a trusted CA or internal CA).
  • Create a keystore (for private key + cert) and a truststore (for CA certificates).
    • Use keytool (Java), openssl, or any PKI tool.
  • Example (self-signed for testing):
      keytool -genkey -alias emsServer -keyalg RSA -keystore ems_keystore.jks -keysize 2048
      keytool -export -alias emsServer -keystore ems_keystore.jks -file emsServer.cer
      keytool -import -alias emsCA -file emsServer.cer -keystore ems_truststore.jks

2. Configure EMS Broker for SSL

  1. Edit the EMS configuration (tibemsd.conf):
       # Enable SSL listening port
       ssl_port = 7243
       # Point to SSL identity (keystore)
       ssl_server_identity = /path/to/ems_keystore.jks
       ssl_server_identity_pass = yourKeystorePassword
       # Trust store (clients)
       ssl_trusted = /path/to/ems_truststore.jks
  2. Restart the EMS broker:
       tibemsd -config /path/to/tibemsd.conf

3. Configure Application (Java Example)

If your application uses JMS with TIBCO EMS:

  • Use an ssl:// server URL and set the SSL parameters on the connection factory:
      import javax.jms.Connection;
      import com.tibco.tibjms.TibjmsConnectionFactory;

      String url = "ssl://ems-host:7243";
      TibjmsConnectionFactory factory = new TibjmsConnectionFactory(url);
      factory.setSSLStoreType("JKS");
      // Truststore: CA certificates used to verify the broker
      factory.setSSLTrustStore("/path/to/ems_truststore.jks");
      factory.setSSLTrustStorePassword("truststorePassword");
      // Client identity: only needed for mutual authentication
      factory.setSSLIdentity("/path/to/ems_client_keystore.jks");
      factory.setSSLPassword("clientKeystorePassword");
      Connection connection = factory.createConnection("user", "password");
  • If mutual authentication is required, configure both identity (client cert) and truststore.
  • If only server authentication is required, configure just the truststore.

4. Validate Connection

  • Test with tibjmsSSLGlobal or tibjmsSSLConsumer/Producer samples that come with EMS.
    Example: tibjmsSSLConsumer -server ssl://ems-host:7243 -topic test.topic
  • Check EMS logs (ems.log) for SSL handshake success or errors.
  • Verify the certificate chain is trusted by both sides.
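
A pre-flight check for the last bullet, added here as an example (it is not part of the original post or of the EMS samples): using only the JDK (Java 9+), it confirms that the certificate chain in an identity store is accepted by a truststore, that every certificate is within its validity period, and that RSA keys are at least 2048 bits. The class name StoreCheck and the IDENTITY_PASS / TRUST_PASS environment variables are assumptions of this example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
public class StoreCheck {
    // Returns one status line per private-key entry; throws on the first failed check.
    static List<String> check(KeyStore identity, KeyStore trust) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        Set<X509Certificate> pinned = new HashSet<>();
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias)) continue;
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            anchors.add(new TrustAnchor(ca, null));
            pinned.add(ca);
        }
        if (anchors.isEmpty()) throw new IllegalStateException("truststore holds no certificates");
        List<String> report = new ArrayList<>();
        for (String alias : Collections.list(identity.aliases())) {
            if (!identity.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            List<X509Certificate> path = new ArrayList<>();
            for (Certificate c : identity.getCertificateChain(alias)) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // throws if expired or not yet valid
                if (x.getPublicKey() instanceof RSAPublicKey
                        && ((RSAPublicKey) x.getPublicKey()).getModulus().bitLength() < 2048)
                    throw new IllegalStateException(alias + ": RSA key shorter than 2048 bits");
                if (pinned.contains(x)) break; // a trust anchor is not part of the path
                path.add(x);
            }
            if (path.isEmpty()) { // self-signed test setup: the leaf itself is the anchor
                report.add(alias + ": certificate is pinned directly in the truststore");
                continue;
            }
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // offline check, no CRL/OCSP lookups
            CertPathValidator.getInstance("PKIX").validate(
                    CertificateFactory.getInstance("X.509").generateCertPath(path), params);
            report.add(alias + ": chain validates against the truststore");
        }
        return report;
    }
    // Passwords come from the environment (variable names are assumptions of this example).
    public static void main(String[] a) throws Exception {
        KeyStore identity = KeyStore.getInstance(new File(a[0]), System.getenv("IDENTITY_PASS").toCharArray());
        KeyStore trust = KeyStore.getInstance(new File(a[1]), System.getenv("TRUST_PASS").toCharArray());
        check(identity, trust).forEach(System.out::println);
    }
}
```

Run it as `java StoreCheck.java ems_keystore.jks ems_truststore.jks` to check the broker identity against the truststore the client will load. For mutual authentication, run it a second time with the client keystore against the truststore the broker uses.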
