Friday, December 5, 2014

SSL Encryption / Authentication between JBOSS JCA + SoftwareAG webMethods Broker

In our previous post (Integrating SoftwareAG webMethods messaging Broker with JBOSS AS 7 through standard JCA) we created a simple setup to publish and consume JMS messages using JCA Resource Adapter construct on JBOSS AS 7.

This post will extend this simple setup by explaining how to use secure communications (SSL encryption + SSL Authentication) between JBOSS and webMethods Broker.

Please note this post is the 2nd out of the following 3 related posts:
  1. Integrating SoftwareAG webMethods messaging Broker with JBOSS AS 7 through standard JCA
  2. SSL Encryption / Authentication between JBOSS JCA + SoftwareAG webMethods Broker
  3. JBOSS Vault to encrypt JMS password for secure JCA configuration

First, let's assume that you're already a webMethods Broker expert and have already setup your Broker server with the right SSL certificates (and if not, please refer to that "pretty"-screenshots SoftwareAG "techcommunity" document (PDF - 4MB) I was referring to in the previous post -- go to "Configuring SSL Communication / Authentication" on page 13).

And all we need to do now is to have our JBOSS client encrypt all communications and authenticate to Wm Broker over SSL...

It's actually very easy:
All you need to do is add the right system properties for it (jboss admin console at “profile > General Configuration > System Properties”)...and the wM Broker client library will take care of the rest without changing anything in the code or configuration!

Here are the needed properties:
  • com.webmethods.jms.username
  • com.webmethods.jms.password
  • com.webmethods.jms.ssl.keystore
  • com.webmethods.jms.ssl.keystoretype
  • com.webmethods.jms.ssl.truststore
  • com.webmethods.jms.ssl.truststoretype
All these values must match the keystore and trustore you used on the wM Broker server side...

Important notes:
  • keystore should be of type "PKCS12" (keystoretype=PKCS12)
  • trustore of type "JKS" (truststoretype=JKS)
  • username / password must match (of course) the ones used by your keystore...

That's it: once those properties are set, you should be able to verify in the wM Broker client sessions are indeed using SSL encryption + SSL authentication...

No comments :