Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content

configurating tibemsd to use SSL & SSL sample client


Recommended Posts

I have tibemsd configured to use SSL on port 14012. The configuration from tibemsd.conf is this:

#######################################################################

# Copyright 2001-2008 TIBCO Software Inc.

# All Rights Reserved.

# For more information, please contact:

# TIBCO Software Inc.

# Palo Alto, California, USA

#

# Server Configuration Properties

########################################################################

 

########################################################################

# All parameters follow 'name = value' syntax. Each parameter must

# be in one line, line breaks not supported. If value is empty then

# parameter is ignored. It is a good idea to keep all parameters listed

# using empty value when no value is required.

# Lines starting with # or ; as well as empty lines are ignored.

########################################################################

 

########################################################################

# Server Identification Information.

########################################################################

server = EMS-SERVER

password =

 

########################################################################

# Other Configuration files

########################################################################

users = users.conf

groups = groups.conf

topics = topics.conf

queues = queues.conf

acl_list = acl.conf

factories = factories.conf

routes = routes.conf

bridges = bridges.conf

transports = transports.conf

tibrvcm = tibrvcm.conf

durables = durables.conf

channels = channels.conf

stores = stores.conf

 

########################################################################

# Persistent Storage

########################################################################

store = datastore

 

########################################################################

# Maximum number of connections

########################################################################

max_connections = 0

 

########################################################################

# Maximum message memory

########################################################################

max_msg_memory = 512MB

msg_swapping = enabled

 

########################################################################

# Listen ports. May be tcp or ssl, can specify any number.

# Form is tcp://hostname:port. If the hostname is not present then

# the default host and interface will be used.

########################################################################

listen = tcp://localhost:7222

listen = ssl://localhost:14012

 

########################################################################

# Authorization.

########################################################################

authorization = disabled

 

########################################################################

# Routing.

########################################################################

routing = disabled

 

########################################################################

# Multicast.

########################################################################

multicast = disabled

 

########################################################################

# Producer flow control.

########################################################################

flow_control = disabled

 

########################################################################

# Transports.

########################################################################

tibrv_transports =

 

########################################################################

# Fault-tolerant setup.

########################################################################

ft_active =

ft_heartbeat =

ft_activation =

 

# SSL setup for connection to another FT server. Only required if

# the FT connection has to be secure.

ft_ssl_identity =

ft_ssl_issuer =

ft_ssl_private_key =

ft_ssl_password =

ft_ssl_trusted =

ft_ssl_verify_host =

ft_ssl_verify_hostname =

ft_ssl_expected_hostname=

ft_ssl_ciphers =

 

########################################################################

# Message tracking.

########################################################################

track_message_ids =

track_correlation_ids =

 

########################################################################

# Log file and tracing setup.

########################################################################

logfile = ../log/logfile.txt

log_trace = DEFAULT,+MSG,+SSL,+SSL_DEBUG

console_trace = DEFAULT,+MSG,+SSL,+SSL_DEBUG

 

########################################################################

# SSL Server Setup Information.

#

# These parameters define server-side certificate, private key, issuers

# of client certificates and miscellaneous parameters used by this EMS

# server when handling SSL connections from the clients and other EMS

# servers.

 

########################################################################

# specify Diffie-Hellman key size, valid values are 512, 768, 1024, 2048.

# Default is 1024. Not used for export grade cipher suites.

ssl_dh_size =

 

# can be used to disable specific ciphers or change the

# priority order. This is used in the format accepted

# by OpenSSL, refer to OpenSSL documentation for more info.

# Example: ssl_ciphers = +RC4-MD5:+RC4-SHA

ssl_server_ciphers =

 

# The following is set if all clients must preset the certificate.

# If disabled the client may or may not have the certificate.

ssl_require_client_cert =

 

# This enforces the policy when the connection username is always

# extracted from the certificate, if the certificate was presented

# by the client. This does not affect users who have no certificate.

ssl_use_cert_username =

 

# This specifies a special username, when presented as connection user

# name, the actual username is extracted from the client certificate

# if client has the certificate. This does not affect users who have

# no certificate.

ssl_cert_user_specname = CERTIFICATE_USER

 

# Server certificate, key and private key password. If password not

# specified it is prompted for at start up time. The key and server

# certificate issuers may be included into specified PKCS12 file.

# Supports PEM, DER and PKCS12.

ssl_server_identity = ../certs/server.cert.pem

ssl_server_key = ../certs/server.key.pem

ssl_password = $man$WjtSRCpaXu7hoTkDlcEPr6KNKRr

 

# Server Issuer certificate(s).

# Supports PEM, DER and PKCS#12.

# This may be a part of PKCS12 specified by ssl_server_identity

ssl_server_issuer =

 

# Trusted issuers of client certificates. Supports PEM, DER and PKCS7.

ssl_server_trusted = ../certs/client_root.cert.pem

 

# Path to installed Enthropy Gathering Daemon

ssl_rand_egd =

 

# File containing random data. If specified, used by the server

# at start up time.

 

########################################################################

# DO NOT USE FOR PRODUCTION!

# This is to allow samples to run on machines without a /dev/random

# such as solaris 2.6-2.8.

########################################################################

 

ssl_rand_file = tibemsd

When I attempt to connect to the above-configured tibemsd using one of the sample clients with:

EMSSSLGlobal -server "ssl://localhost:14012" -user testuser1 -password xyzzy! -topic sample.topic -ssl_target_hostname localhost "testing 1 2 3"

 

I get the following error:

 

C:tibcoems5.1samplescs>EMSSSLGlobal -server "ssl://localhost:14012" -user testuser1 -password xyzzy! -topic sample.topic -ssl_target_hostname localhost

 

Global SSL parameters sample.

 

##### Exception:Failed to connect via SSL to [ssl://localhost:14012]: Failed to connect via SSL to [ssl://localhost:14012]: The remote certificate is invalid according to the validation procedure.

 

at TIBCO.EMS.CFImpl._CreateConnection(String userName, String password, Boolean xa)

at TIBCO.EMS.TopicConnectionFactory.CreateTopicConnection(String userName, String password)

at emsSSLGlobal..ctor(String[] args)

 

##### Linked Exception error msg:Failed to connect via SSL to [ssl://localhost:14012]: The remote certificate is invalid according to the validation procedure.

 

##### Linked Exception:

 

at TIBCO.EMS.LinkSSL.Connect(URL url)

 

So what is the reason for this "The remote certificate is invalid according to the validation procedure." error

Could any of you tell me what I'm doing wrong!

Link to comment
Share on other sites

  • 1 year later...
  • 1 year later...
  • 11 months later...
  • 3 weeks later...
  • 2 years later...
×
×
  • Create New...