TCP with JSSE Security

  1. Launch the Fiorano Studio for offline configuration of the FioranoMQ server.
  2. Select Tools > Configure Profile from the menu bar, and open the profile needed. Navigate to %selectedProfile% > Fiorano > SocketAcceptors > Port-1 > ConnectionManager in the Server Explorer.
  3. Change the Protocol property to SUN_SSL.
  4. Change the UseSystemPropsForSSL property to true. (Optional)

    Note

    The public/private keys and/or certificates used by the FioranoMQ Server can be loaded by specifying the related system properties, or by installing the appropriate security managers which can load the certificates. Please see the note at the start of Section 4.5.1.

  5. Navigate to %selectedProfile% > Fiorano > etc > FMQConfigLoader. Right-click on FMQConfigLoader, and select Add Attribute from the pop-up menu. Add an additional attribute with the name SSLEnabled and the value 'true'.
  6. Navigate to %selectedProfile% > Fiorano > socketAcceptors > port-1 > ConnectionManager. Check the default value of the property ManagerClassName. Ensure that the default value of ManagerClassName is fiorano.jms.ex.sm.def.DefaultJSSESecurityManager. (Optional)

    Note

    This parameter is deprecated. Alternatively, in order to load the KeyStore and TrustStore for initializing the context in which SSL sockets are created, the corresponding system properties should be set, and UseSystemPropsForSSL should be set to true.

  7. Navigate to Fiorano > jmx > connector > JMSBasedJMXConnector2, and set the following properties to allow the JMSConnector to connect to the secure server.
    1. Protocol: TCP
    2. SecurityManagerClass: fiorano.jmx.connector.fmq.security.JSSESecurityManager
    3. SecurityProtocol: SUN_SSL
  8. Right-click the FioranoMQ domain in the Profile Manager, and select the Save option from the pop-up menu. Changes are saved in the Configs.xml file.
  9. Clear the existing database using the script ClearDB.bat located in the %FIORANO_HOME%\fmq\bin directory.

    ClearDB.bat %selectedProfile%
  10. Start the server again using the script file fmq.bat located in the %FIORANO_HOME%\fmq\bin directory.

    fmq.bat -profile %selectedProfile%


    The server starts accepting connections on TCP in the SSL (JSSE) mode.
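
The stores that the system-property route in the notes above depends on can be checked before the restart. The following is an added example, not Fiorano code: it assumes the server reads the standard JSSE property names (javax.net.ssl.keyStore, javax.net.ssl.trustStore and their Password/Type companions), and the class name JsseStoreCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not part of FioranoMQ): pre-flight check of the stores named by
// the standard JSSE system properties. Assumption: with UseSystemPropsForSSL=true
// the server reads these same property names.
// Run with the same -Djavax.net.ssl.* options that the server JVM will receive.
public class JsseStoreCheck {

    // Loads the store named by <prefix>, using <prefix>Password and <prefix>Type.
    static KeyStore load(String prefix) throws Exception {
        String path = System.getProperty(prefix);
        if (path == null) {
            throw new IllegalStateException(prefix + " is not set");
        }
        String pass = System.getProperty(prefix + "Password");
        String type = System.getProperty(prefix + "Type", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("javax.net.ssl.keyStore");
        int keyEntries = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue; // skip certificate-only entries
            keyEntries++;
            Certificate c = keys.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // throws if expired or not yet valid
                System.out.println(alias + ": " + x.getSubjectX500Principal()
                        + ", valid until " + x.getNotAfter());
            }
        }
        if (keyEntries == 0) {
            throw new IllegalStateException("key store has no private-key entry");
        }
        // The trust store is only checked when the property is set.
        if (System.getProperty("javax.net.ssl.trustStore") != null) {
            KeyStore trust = load("javax.net.ssl.trustStore");
            System.out.println("trust store entries: " + trust.size());
        }
    }
}
```

A failure here (missing property, wrong password, no private-key entry, expired certificate) points at the store configuration rather than at the profile settings changed in the Studio.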

HTTP with JSSE Security

  1. Launch the Fiorano Studio for offline configuration of the FioranoMQ server.
  2. Select Tools > Configure Profile from the menu bar, and open the profile needed. Navigate to %selectedProfile% > Fiorano > SocketAcceptors > Port-1 > ConnectionManager.
  3. Change the protocol property from TCP to HTTPS_SUN.
  4. Navigate to %selectedProfile% > Fiorano > etc > FMQConfigLoader. Right-click on FMQConfigLoader and select Add Attribute from the pop-up menu. Add an additional attribute with the name SSLEnabled and with the value 'true'.
  5. Navigate to %selectedProfile% > Fiorano > socketAcceptors > port-1 > ConnectionManager. Check the default value of property ManagerClassName. Ensure that the default value of Security manager is fiorano.jms.ex.sm.def.DefaultJSSESecurityManager.
  6. Navigate to Fiorano > jmx > connector > JMSBasedJMXConnector2, and set the following properties to allow JMSConnector to connect to the secure server.
    1. Protocol: HTTP
    2. SecurityManagerClass: fiorano.jmx.connector.fmq.security.JSSESecurityManager
    3. SecurityProtocol: SUN_SSL
  7. Right-click the FioranoMQ domain in the Server Explorer, and select the Save option from the pop-up menu. Changes are saved in the Configs.xml file.
  8. Clear the existing database, using script ClearDB.bat, located in the %FIORANO_HOME%\fmq\bin directory.

...

  1. A similar procedure is followed to enable SSL for FES/FPS servers. For FPS profiles, the Protocol, SecurityProtocol and SecurityManagerClass properties for Fiorano > jmx > Engine > ClientJMXEngine also need to be changed.
  2. When FioranoMQ server is running with HTTPS_SUN protocol, pinging is enabled at the server. Also, the client connecting to the server must enable ping.

...

The server, by default, uses the fiorano.jms.ex.sm.def.DefaultJSSESecurityManager class as its Security Manager. This value can be modified from the Studio using the Profile Manager at:

Profiles > FioranoMQ > socketAcceptors > port-1 > ConnectionManager [properties] > ManagerClassName

A sample Security Manager Class is displayed below.

JSSESecurityManager.java




4.5.3.1 Compiling the Security Manager

...

javax.net.ssl.trustStore=<path - is the path to the keystore>


4.5.4 Client Side Configuration

...

java -jar portecle.jar


  1. Open the keystore that needs to be converted to the .PEM format using Portecle. All the information related to the certificate can be viewed here.
  2. Navigate to File > Open Keystore File. Choose the keystore that was created.
  3. Enter the password provided at the time of the creation of the keystore.


  4. Right-click on the certificate, and choose Export. Select the export type as "Private Key and Certificates", and the export format as "PEM Encoding".
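
The same export can be scripted when Portecle's GUI is not available. This is an added example, not Portecle or Fiorano code: the class name KeystoreToPem and its three arguments are hypothetical, the key password is assumed to equal the keystore password, and the output is an unencrypted PKCS#8 key followed by the certificate chain, which may differ in layout from Portecle's file.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;

// Added example: command-line equivalent of the "Private Key and Certificates" /
// "PEM Encoding" export. Arguments (hypothetical): <keystore> <alias> <out.pem>.
public class KeystoreToPem {

    // Wraps DER bytes in a PEM block with 64-character base64 lines.
    static String pem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            throw new IllegalArgumentException(
                    "usage: KeystoreToPem <keystore> <alias> <out.pem> (from a terminal)");
        }
        // Read the password interactively so it never appears in the process list.
        char[] pass = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // Assumption: the key password is the same as the keystore password.
        Key key = ks.getKey(args[1], pass);
        Certificate[] chain = ks.getCertificateChain(args[1]);
        if (key == null || chain == null || !"PKCS#8".equals(key.getFormat())) {
            throw new IllegalStateException("alias has no exportable private key");
        }
        StringBuilder out = new StringBuilder(pem("PRIVATE KEY", key.getEncoded()));
        for (Certificate c : chain) {
            out.append(pem("CERTIFICATE", c.getEncoded()));
        }
        // Create the file owner-only before any key material is written to it.
        File f = new File(args[2]);
        if (!f.createNewFile()) {
            throw new IllegalStateException(f + " already exists");
        }
        f.setReadable(false, false); f.setWritable(false, false);
        f.setReadable(true, true);   f.setWritable(true, true);
        Files.write(f.toPath(), out.toString().getBytes(StandardCharsets.US_ASCII));
    }
}
```

The resulting file holds the private key in the clear, so it needs the same access restrictions as the keystore and its password together.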

...
