Sun GlassFish Message Queue 4.4 Developer's Guide for Java Clients

Creating Secure Connections (SSL)

A connection service that is based on the Transport Layer Security (TLS/SSL) standard is used to authenticate and encrypt messages sent between the client and the broker. This section describes what the client needs to do to use TLS/SSL connections. A user can also establish a secure connection by way of an HTTPS tunnel servlet. For information on setting up secure connections over HTTP, see Appendix C, HTTP/HTTPS Support, in Sun GlassFish Message Queue 4.4 Administration Guide.

Some of the work needed to set up a TLS/SSL connection is done by an administrator. This section summarizes these steps. For complete information about the administrative work required, please see Message Encryption in Sun GlassFish Message Queue 4.4 Administration Guide.

To set up a secure connection service, you must do the following.

  1. Generate a self-signed or signed certificate for the broker (administrator).

  2. Enable the ssljms connection service in the broker (administrator).

  3. Start the broker (administrator).

  4. Configure and run the client as explained below.

To configure a client to use a TLS/SSL connection you must do the following.

  1. If your client is not using J2SDK 1.4 (which has JSSE and JNDI support built in), make sure the client has the following files in its class path: jsse.jar, jnet.jar, jcert.jar, jndi.jar.

  2. Make sure the client has the following Message Queue files in its class path: imq.jar, jms.jar.

  3. If the client is not willing to trust the broker's self-signed certificate, set the imqSSLIsHostTrusted attribute to false for the connection factory from which you get the TLS/SSL connection.

  4. Connect to the broker's ssljms service. There are two ways to do this. The first is to specify the service name ssljms in the address for the broker when you provide a value for the imqAddressList attribute of the connection factory from which you obtain the connection. When you run the client, it will be connected to the broker by a TLS/SSL connection. The second is to specify the following directive when you run the command that starts the client.

    java -DimqConnectionType=TLS clientAppName
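
The client-side settings from steps 3 and 4 (first method), shown as an added example that is not part of the original guide. The class name, broker host, port and queue name are placeholders, and the example assumes the broker's certificate (or its issuing CA) is already in the trust store the client JVM uses, for instance one supplied through the standard JSSE javax.net.ssl.trustStore system property.

```java
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;

import com.sun.messaging.ConnectionConfiguration;
import com.sun.messaging.ConnectionFactory;

// Hypothetical client class; requires imq.jar and jms.jar on the class path (step 2).
public class SecureClient {
    public static void main(String[] args) throws JMSException {
        ConnectionFactory factory = new ConnectionFactory();

        // Step 4, first method: name the ssljms service in the broker address.
        // broker.example.com:7676 is a placeholder for the broker's host and port.
        factory.setProperty(ConnectionConfiguration.imqAddressList,
                "mq://broker.example.com:7676/ssljms");

        // Step 3: do not accept whatever certificate the broker presents.
        // With "false", the TLS handshake fails unless the certificate
        // validates against the client's trust store.
        factory.setProperty(ConnectionConfiguration.imqSSLIsHostTrusted, "false");

        // The handshake happens here; a certificate that cannot be validated
        // surfaces as a JMSException rather than a silent plaintext fallback.
        Connection connection = factory.createConnection();
        try {
            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            Queue queue = session.createQueue("exampleQueue"); // placeholder name
            MessageProducer producer = session.createProducer(queue);
            producer.send(session.createTextMessage("sent over ssljms"));
        } finally {
            // Closing the connection also closes its sessions and producers.
            connection.close();
        }
    }
}
```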