Configuring SSL on the TIBCO Enterprise Message Service Server

To enable SSL, each instance of tibemsd must have a digital certificate and a private key. The server can optionally require a certificate chain or trusted certificate.

You can set the SSL server parameters in the tibemsd.conf file on the TIBCO Enterprise Message Service server. An example of the tibemsd.conf file is located in the TIBCO_HOME\ems\version_number or TIBCO_HOME\ems\version_number\bin directory.

    Procedure
  1. Go to the TIBCO_HOME\ems\version_number directory, and open the tibemsd.conf file with a text editor.
  2. Set the server to listen for SSL connections from clients by using the listen parameter. For example: listen = ssl://7243.
    Note: This port number must be consistent with the SSL Connection Factory URL set in the factories.conf configuration file.
  3. Set the ssl_server_identity, ssl_server_key, and ssl_password parameters to specify the server's digital certificate, its private key, and the password for the private key.
    ssl_server_identity = C:\tibco\ems\8.2\samples\certs\server.cert.pem
    ssl_server_key = C:\tibco\ems\8.2\samples\certs\server.key.pem
    ssl_password = password
    ssl_server_trusted = C:\tibco\ems\8.2\samples\certs\client_root.cert.pem
    Note: Leave other parameters as defaults, and then restart the TIBCO Enterprise Message Service server after you configure the previous parameters.
  4. On a command line, navigate to the TIBCO_HOME\ems\version_number directory.
  5. Enter the tibemsd -config tibemsd.conf command or directly enter the tibemsd command on the command line to start SSL for the server.
See TIBCO Enterprise Message Service™ User’s Guide for details about how to configure SSL in a TIBCO Enterprise Message Service server.

Note: If the SSL listener port is modified in the tibemsd.conf file, you must configure the factories.conf file to keep them consistent when you use JNDI and SSL.

For example:

[SSLQueueConnectionFactory]
type = queue
url = ssl://7243
ssl_verify_host = disabled
ssl_trusted = C:\tibco\ems\8.2\samples\certs\server_root.cert.pem
ssl_expected_hostname = server
ssl_identity = C:\tibco\ems\8.2\samples\certs\client_identity.p12

[SSLTopicConnectionFactory]
type = topic
url = ssl://7243
ssl_verify_host = disabled
ssl_trusted = C:\tibco\ems\8.2\samples\certs\server_root.cert.pem
ssl_expected_hostname = server
ssl_identity = C:\tibco\ems\8.2\samples\certs\client_identity.p12
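
The port consistency that the notes above require between tibemsd.conf and factories.conf can be checked with a short script. The following Python code is an added example, not part of the TIBCO documentation or tooling: the sample file contents are constructed, the function names are hypothetical, and it assumes one URL per factory and `#` comment lines. It also reports any factory that sets ssl_verify_host = disabled, which turns off the client's verification of the server certificate.

```python
import re

# Constructed samples modelled on the page's settings; the topic factory's
# port is deliberately wrong to show the mismatch being caught.
TIBEMSD_CONF = """\
listen = ssl://7243
"""
FACTORIES_CONF = """\
[SSLQueueConnectionFactory]
url = ssl://7243
ssl_verify_host = disabled

[SSLTopicConnectionFactory]
url = ssl://7244
"""

def parse_conf(text):
    """Return {section: {key: [values]}}; lines before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].setdefault(key, []).append(value)
    return sections

def ssl_port(url):
    """Port of an ssl://port or ssl://host:port URL, else None."""
    m = re.fullmatch(r"ssl://(?:[^:/]*:)?(\d+)", url)
    return int(m.group(1)) if m else None

def audit(server_text, factories_text):
    """List (factory, issue) pairs that need review before clients connect."""
    listen = parse_conf(server_text)[""].get("listen", [])
    ports = {ssl_port(u) for u in listen} - {None}
    findings = []
    for name, keys in parse_conf(factories_text).items():
        for url in keys.get("url", []):
            port = ssl_port(url)
            if port is not None and port not in ports:
                findings.append((name, f"url {url} matches no SSL listen port"))
        if "disabled" in keys.get("ssl_verify_host", []):
            findings.append((name, "ssl_verify_host is disabled"))
    return findings
```

Pass the contents of the real tibemsd.conf and factories.conf files to audit() in place of the constructed samples; an empty list means every SSL factory URL matches a listen port and none disables host verification.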