Manoj Chaurasia, posted May 3, 2012

I have tibemsd configured to use SSL on port 14012. The configuration from tibemsd.conf is this:

```
#######################################################################
# Copyright 2001-2008 TIBCO Software Inc.
# All Rights Reserved.
# For more information, please contact:
# TIBCO Software Inc.
# Palo Alto, California, USA
#
# Server Configuration Properties
########################################################################

########################################################################
# All parameters follow 'name = value' syntax. Each parameter must
# be in one line, line breaks not supported. If value is empty then
# parameter is ignored. It is a good idea to keep all parameters listed
# using empty value when no value is required.
# Lines starting with # or ; as well as empty lines are ignored.
########################################################################

########################################################################
# Server Identification Information.
########################################################################

server = EMS-SERVER
password =

########################################################################
# Other Configuration files
########################################################################

users = users.conf
groups = groups.conf
topics = topics.conf
queues = queues.conf
acl_list = acl.conf
factories = factories.conf
routes = routes.conf
bridges = bridges.conf
transports = transports.conf
tibrvcm = tibrvcm.conf
durables = durables.conf
channels = channels.conf
stores = stores.conf

########################################################################
# Persistent Storage
########################################################################

store = datastore

########################################################################
# Maximum number of connections
########################################################################

max_connections = 0

########################################################################
# Maximum message memory
########################################################################

max_msg_memory = 512MB
msg_swapping = enabled

########################################################################
# Listen ports. May be tcp or ssl, can specify any number.
# Form is tcp://hostname:port. If the hostname is not present then
# the default host and interface will be used.
########################################################################

listen = tcp://localhost:7222
listen = ssl://localhost:14012

########################################################################
# Authorization.
########################################################################

authorization = disabled

########################################################################
# Routing.
########################################################################

routing = disabled

########################################################################
# Multicast.
########################################################################

multicast = disabled

########################################################################
# Producer flow control.
########################################################################

flow_control = disabled

########################################################################
# Transports.
########################################################################

tibrv_transports =

########################################################################
# Fault-tolerant setup.
########################################################################

ft_active =
ft_heartbeat =
ft_activation =

# SSL setup for connection to another FT server. Only required if
# the FT connection has to be secure.
ft_ssl_identity =
ft_ssl_issuer =
ft_ssl_private_key =
ft_ssl_password =
ft_ssl_trusted =
ft_ssl_verify_host =
ft_ssl_verify_hostname =
ft_ssl_expected_hostname=
ft_ssl_ciphers =

########################################################################
# Message tracking.
########################################################################

track_message_ids =
track_correlation_ids =

########################################################################
# Log file and tracing setup.
########################################################################

logfile = ../log/logfile.txt
log_trace = DEFAULT,+MSG,+SSL,+SSL_DEBUG
console_trace = DEFAULT,+MSG,+SSL,+SSL_DEBUG

########################################################################
# SSL Server Setup Information.
#
# These parameters define server-side certificate, private key, issuers
# of client certificates and miscellaneous parameters used by this EMS
# server when handling SSL connections from the clients and other EMS
# servers.
########################################################################

# specify Diffie-Hellman key size, valid values are 512, 768, 1024, 2048.
# Default is 1024. Not used for export grade cipher suites.
ssl_dh_size =

# can be used to disable specific ciphers or change the
# priority order. This is used in the format accepted
# by OpenSSL, refer to OpenSSL documentation for more info.
# Example: ssl_ciphers = +RC4-MD5:+RC4-SHA
ssl_server_ciphers =

# The following is set if all clients must preset the certificate.
# If disabled the client may or may not have the certificate.
ssl_require_client_cert =

# This enforces the policy when the connection username is always
# extracted from the certificate, if the certificate was presented
# by the client. This does not affect users who have no certificate.
ssl_use_cert_username =

# This specifies a special username, when presented as connection user
# name, the actual username is extracted from the client certificate
# if client has the certificate. This does not affect users who have
# no certificate.
ssl_cert_user_specname = CERTIFICATE_USER

# Server certificate, key and private key password. If password not
# specified it is prompted for at start up time. The key and server
# certificate issuers may be included into specified PKCS12 file.
# Supports PEM, DER and PKCS12.
ssl_server_identity = ../certs/server.cert.pem
ssl_server_key = ../certs/server.key.pem
ssl_password = $man$WjtSRCpaXu7hoTkDlcEPr6KNKRr

# Server Issuer certificate(s).
# Supports PEM, DER and PKCS#12.
# This may be a part of PKCS12 specified by ssl_server_identity
ssl_server_issuer =

# Trusted issuers of client certificates. Supports PEM, DER and PKCS7.
ssl_server_trusted = ../certs/client_root.cert.pem

# Path to installed Enthropy Gathering Daemon
ssl_rand_egd =

# File containing random data. If specified, used by the server
# at start up time.
########################################################################
# DO NOT USE FOR PRODUCTION!
# This is to allow samples to run on machines without a /dev/random
# such as solaris 2.6-2.8.
########################################################################
ssl_rand_file = tibemsd
```

When I attempt to connect to the above-configured tibemsd using one of the sample clients with:

```
EMSSSLGlobal -server "ssl://localhost:14012" -user testuser1 -password xyzzy! -topic sample.topic -ssl_target_hostname localhost "testing 1 2 3"
```

I get the following error:

```
C:tibcoems5.1samplescs>EMSSSLGlobal -server "ssl://localhost:14012" -user testuser1 -password xyzzy! -topic sample.topic -ssl_target_hostname localhost
Global SSL parameters sample.
##### Exception:Failed to connect via SSL to [ssl://localhost:14012]: Failed to connect via SSL to [ssl://localhost:14012]: The remote certificate is invalid according to the validation procedure.
   at TIBCO.EMS.CFImpl._CreateConnection(String userName, String password, Boolean xa)
   at TIBCO.EMS.TopicConnectionFactory.CreateTopicConnection(String userName, String password)
   at emsSSLGlobal..ctor(String[] args)
##### Linked Exception error msg:Failed to connect via SSL to [ssl://localhost:14012]: The remote certificate is invalid according to the validation procedure.
##### Linked Exception:
   at TIBCO.EMS.LinkSSL.Connect(URL url)
```

So what is the reason for this "The remote certificate is invalid according to the validation procedure." error? Could any of you tell me what I'm doing wrong?
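
The posted tibemsd.conf can be checked mechanically for the settings that weaken its SSL setup, several of which the file's own comments warn about. This is an added example, not code from the thread or from TIBCO; `parse_conf`, `audit` and the finding texts are hypothetical names and wording, and the sample input is a constructed excerpt of the posted file with the password replaced by a placeholder.

```python
# Constructed sample: SSL-relevant lines of the tibemsd.conf posted above,
# with the ssl_password value replaced by a placeholder.
SAMPLE_CONF = """\
listen = tcp://localhost:7222
listen = ssl://localhost:14012
authorization = disabled
ssl_require_client_cert =
ssl_server_identity = ../certs/server.cert.pem
ssl_server_key = ../certs/server.key.pem
ssl_password = <mangled-password-placeholder>
ssl_server_trusted = ../certs/client_root.cert.pem
; DO NOT USE FOR PRODUCTION!
ssl_rand_file = tibemsd
"""

def parse_conf(text):
    """Parse 'name = value' lines, skipping blanks and '#' / ';' comments.
    Values are lists because a name such as 'listen' may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, sep, value = line.partition("=")
        if sep:
            conf.setdefault(name.strip(), []).append(value.strip())
    return conf

def audit(conf):
    """Return (parameter, finding) pairs; an empty value counts as unset."""
    def first(name):
        return next((v for v in conf.get(name, []) if v), "")
    findings = []
    schemes = {u.split("://", 1)[0].lower() for u in conf.get("listen", []) if u}
    if "ssl" in schemes and "tcp" in schemes:
        findings.append(("listen", "plaintext tcp listener open next to ssl"))
    if "ssl" in schemes and not (first("ssl_server_identity") and first("ssl_server_key")):
        findings.append(("ssl_server_identity", "ssl listener lacks cert or key"))
    if first("authorization").lower() != "enabled":
        findings.append(("authorization", "server does not check user permissions"))
    if first("ssl_require_client_cert").lower() != "enabled":
        findings.append(("ssl_require_client_cert", "client certificate optional"))
    if first("ssl_password"):
        findings.append(("ssl_password", "private key password stored in file"))
    if first("ssl_rand_file"):
        findings.append(("ssl_rand_file", "file says DO NOT USE FOR PRODUCTION"))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {m}" for n, m in audit(parse_conf(SAMPLE_CONF))), sep="\n")
```

These checks cover the server side only; they do not test whether the client trusts the issuer of `server.cert.pem`, which is what the error message in the post is about.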

Manoj Chaurasia (Author), posted November 15, 2013

Another way of asking the same question is this: Could any of you give me an example of a tibemsd configuration using SSL and then the sample application EMSSSLGlobal command line that successfully transmits to the given SSL-enabled tibemsd?

Manoj Chaurasia (Author), posted October 10, 2015

Hi Joel,

Did you find the solution? How did you solve the problem? I have the same problem and I can't solve it... Could you help me, please?

Kind regards

Randy Sutton, posted September 15, 2016

I too have the same problem. Any updates?

Duber Guevara-Millan, posted September 30, 2016

Hi, do you need to validate the EMS certificate at the application end? If you do, I guess you need to tell the client application which certs to trust. Can I get a copy of EMSSSLGlobal so I can tell you how this is done?

Habib Qureshi, posted March 4, 2019

Has anybody gone through and solved the same problem in 2018/2019? TIBCO EMS's own C# sample is not working. The same problem is mentioned in this TIBCO sample code: https://github.com/craignicholson/tibcoems-tutorials/blob/master/6_tibemsSSL/Program.cs#

TIBCO cares to respond?