Uncategorized

does password is mandatory to pass to connect to broker if we use TLS based authentication

admin

1. One-Way SSL (Server Authentication Only)

  • The client verifies the broker’s certificate.
  • The client still authenticates with username + password (unless EMS is configured to allow anonymous connections).
  • So in this case yes, you must provide a password (normal user authentication).

2. Two-Way SSL (Mutual Authentication)

  • Both broker and client present certificates.
  • The broker can be configured to map client certificates to EMS users (configured in tibemsd.conf using ssl_client_identity and ssl_password).
  • If the mapping is set up correctly, the client does not need to pass a username/password — the certificate itself is the identity.
  • Example snippet from EMS config: ssl_verify_host = enabled ssl_verify_client = required And in users.conf, you can map certificate distinguished names (DN) to EMS users.

3. Anonymous TLS (not common)

  • If EMS is configured to allow anonymous connections over SSL (no username/password, no client certs), then neither password nor certificate is required.
  • This is rarely used in production because it weakens security.

Related Posts

Uncategorized

configure SSL between Application and Tibco EMS broker

admin
Uncategorized

Is connect direct database passwords encrypted ?

admin

Leave a Reply

Your email address will not be published. Required fields are marked *