Contents

Versions Compared

Old Version 3

changes.mady.by.user Prathewraj M

Saved on

compared with

New Version Current

changes.mady.by.user Prathewraj M

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Launch the Fiorano Studio for offline configuration of the FioranoMQ server.
  2. Select Tools > ConfigureProfile from the menu bar, and open the profile needed. Navigate to %selectedProfile% > Fiorano > SocketAcceptors > Port-1 > ConnectionManager in the ServerExplorer.
     


  3. Change the Protocol property to SUN_SSL

  4. Change the UseSystemPropsForSSL to true (Optional)

    Note

    The public/private keys and/or certificates used by the FioranoMQ Server can be loaded by specifying the related system properties, or by installing the appropriate security managers which can load the certificates. Please see the note at the start of Section 4.5.1.

  5. Navigate to %selectedProfile% > Fiorano > etc > FMQConfigLoader. Right-click on FMQConfigLoader, and select Add Attribute from the pop-up menu. Add an additional attribute with the name SSLEnabled and with a value that is 'true'.
    Image Removed
    Image Added

  6. Navigate to %selectedProfile% > Fiorano > socketAcceptors > port-1 > ConnectionManager. Check the default value of property ManagerClassName. Ensure that the default value of ManagerClassName is fiorano.jms.ex.sm.def.DefaultJSSESecurityManager. (Optional)

    Note

    This parameter is deprecated. Alternatively, in order to load the KeyStore and TrustStore, for initializing the context in which SSL Sockets are created, corresponding system properties should be set, and UseSystemPropsForSSL should be set to true.



  7. Navigate to Fiorano > jmx > connector > JMSBasedJMXConnector2, and set the following properties to allow the JMSConnector to connect to the secure server.
    1. SecurityProtocol: SUN_SSL
    2. Protocol: TCP
    3. SecurityManagerClass: fiorano.jmx.connector.fmq.security.JSSESecurityManager
       
    Image RemovedImage Added

  8. Right-click the FioranoMQ domain in the Profile Manager, and select the Save option from the pop-up menu. Changes are saved in the Configs.xml file.
     
    Image RemovedImage Added

  9. Clear the existing database using script ClearDB.bat located in %FIORANO_HOME%\fmq\bin directory.

    Code Block
    ClearDB.bat %selectedProfile%

  10. Start the Server again using script file fmq.bat located in %FIORANO_HOME%\fmq\bin directory.

    Code Block
    fmq.bat –profile %selectedProfile%


    The server starts accepting connections on TCP in the SSL (JSSE) mode.

...

EnforceClientAuthentication. (Refer to the profile screenshot below.) If the EnforceJSSEAuthentication parameter is enabled in ConnectionManagerConfigurations, then the server validates the certificates provided by the client.

Image Added

To enable this, the keystore created should be added to the trusted Stores. The fmq.conf file is used here. By default the value is:

...

javax.net.ssl.trustStore=<path - is the path to the keystore>

Image Removed

Client Side Configuration

...

Adaptavist ThemeBuilder EngineAtlassian Confluence