Sun Java System Directory Server Enterprise Edition 6.1 Installation Guide

Message Queue Client Certificate Validation

By default, clients of the Message Queue, such as the connectors and system manager, accept any SSL certificate that the Message Queue broker returns.

Procedure: To Validate the Message Queue Client Certificate

  1. To override this setting and force Message Queue clients to validate the Message Queue broker’s certificate, edit:

    installation_root/resources/WatchList.properties

  2. Add the following to the JVM arguments of each process in WatchList.properties:

    -Djavax.net.ssl.trustStore=keystore_path -DimqSSLIsHostTrusted=false

  3. Restart the Identity Synchronization for Windows daemon or service.

    The javax.net.ssl.trustStore property should point to a JSSE keystore that trusts the broker certificate. For example, /etc/imq/keystore can be used on the machine where Core was installed, because this is the same keystore used by the broker.
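
The following script is an added example, not part of the original guide. Run it before the restart to confirm that every JVM argument line sets both options as separate arguments and names a readable trust store. It assumes each process's JVM arguments sit on one space-separated line; the real file layout is not shown here, and the keys proc.a and proc.b and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the guide). Assumption: in a WatchList.properties-style
# file, each process's JVM arguments sit on one line, space-separated.

# check_watchlist FILE: report JVM-argument lines that do not enable broker
# certificate validation. Returns 0 only if every such line passes.
check_watchlist() {
    cw_file=$1; cw_bad=0; cw_n=0
    set -f                                   # no globbing while word-splitting
    while IFS= read -r cw_line || [ -n "$cw_line" ]; do
        cw_n=$((cw_n + 1))
        case $cw_line in
            \#*) continue ;;                 # comment line
            *-D*) ;;                         # carries JVM system properties
            *) continue ;;
        esac
        cw_store=''; cw_host=''; cw_msg=''
        for cw_tok in -D${cw_line#*-D}; do   # drop any "key=" prefix, then split
            case $cw_tok in
                -Djavax.net.ssl.trustStore=*) cw_store=${cw_tok#*=} ;;
                -DimqSSLIsHostTrusted=*)      cw_host=${cw_tok#*=} ;;
            esac
        done
        case $cw_store in
            '') cw_msg='javax.net.ssl.trustStore not set' ;;
            *-DimqSSLIsHostTrusted*)
                cw_msg='options fused: no space before -DimqSSLIsHostTrusted' ;;
            *) [ -r "$cw_store" ] || cw_msg="trust store not readable: $cw_store" ;;
        esac
        if [ -z "$cw_msg" ] && [ "$cw_host" != false ]; then
            cw_msg='imqSSLIsHostTrusted is not false'
        fi
        if [ -n "$cw_msg" ]; then
            echo "$cw_file:$cw_n: $cw_msg"
            cw_bad=$((cw_bad + 1))
        fi
    done < "$cw_file"
    set +f
    [ "$cw_bad" -eq 0 ]
}

# Demo on constructed input: line 1 is correct, line 2 has the options fused.
demo_dir=$(mktemp -d)
: > "$demo_dir/keystore"
printf '%s\n' \
    "proc.a=-Xmx64m -Djavax.net.ssl.trustStore=$demo_dir/keystore -DimqSSLIsHostTrusted=false" \
    "proc.b=-Djavax.net.ssl.trustStore=$demo_dir/keystore-DimqSSLIsHostTrusted=false" \
    > "$demo_dir/WatchList.properties"
check_watchlist "$demo_dir/WatchList.properties" || echo "fix the lines above first"
rm -rf "$demo_dir"
```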