Installing a Root Certificate in the Trust Store

1. Import the root certificate.

   Execute the command

   JRE_HOME/bin/keytool -import -trustcacerts -alias certAlias -file certFile -keystore trustStoreFile

   where certFile is the file containing the root certificate, certAlias is the alias representing the certificate, and trustStoreFile is the file containing your trust store.

2. Confirm that you trust the certificate.

   Answer YES to the question Trust this certificate?

3. Identify the trust store to the client application.

   In the command that launches the client application, use the -D option to specify the following properties:

   javax.net.ssl.trustStore=trustStoreFile javax.net.ssl.trustStorePassword=trustStorePassword

Configuring the Connection Factory (HTTP and HTTPS)

To enable HTTP/HTTPS support, you need to set the connection factory’s imqAddressList attribute to the URL of the HTTP/HTTPS tunnel servlet. The URL has the form

or

where hostName:portNumber is the host name and port number of the application server or Web server hosting the tunnel servlet and contextRoot is the context root directory you specified when deploying the tunnel servlet on the server, as described above under Step 4 (HTTP and HTTPS): Deploying the Tunnel Servlet.

You can set the imqAddressList attribute in any of the following ways:

• Use the -o option to the imqobjmgr command that creates the connection factory administered object (see Adding a Connection Factory).

• Set the attribute when creating the connection factory administered object using the Administration Console (imqadmin).

• Use the -D option to the command that launches the client application.

• Use an API call to set the attributes of the connection factory after you create it programmatically in client application code (see the Message Queue Developer’s Guide for Java Clients).

Using a Single Servlet to Access Multiple Brokers (HTTP and HTTPS)

It is not necessary to configure multiple application or Web servers and tunnel servlets in order to access multiple brokers; you can share a single server instance and tunnel servlet among them. To do this, you must configure the imqAddressList connection factory attribute as follows:

or

where brokerHostName is the broker instance host name and instanceName is the name of the specific broker instance you want your client to access.

To check that you have entered the correct values for brokerHostName and instanceName, generate a status report for the HTTP/HTTPS tunnel servlet by accessing the servlet URL from a browser:

The report lists all brokers being accessed by the servlet, as shown in Example C-1.

Example C-1 Tunnel Servlet Status Report

HTTP tunnel servlet ready.
Servlet Start Time : Thu May 30 01:08:18 PDT 2002
Accepting secured connections from brokers on port : 7675
Total available brokers = 2
Broker List :
   helios:broker1
   selene:broker2

Using an HTTP Proxy

To use an HTTP proxy to access the HTTPS tunnel servlet, set the system properties http.proxyHost and http.proxyPort to the proxy server’s host name and port number. You can set these properties using the -D option to the command that launches the client application.