Secure connections to a WebSphere Application Server service integration bus messaging engine

Secure connections to a WebSphere Application Server service integration bus messaging engine

To enable an XMS .NET application to make secure connections to a WebSphere Application Server service integration bus messaging engine, the relevant properties must be defined in the ConnectionFactory object.

XMS provides SSL and HTTPS support for connections to a WebSphere Service Integration Bus. SSL and HTTPS provide secure connections for authentication and confidentiality.

Like WebSphere security, XMS security is configured with respect to JSSE security standards and naming conventions, which include the use of CipherSuites to specify the algorithms that are used when negotiating a secure connection. The protocol used in the encryption negotiation can be either SSL or TLS, depending on which CipherSuite you specify in the ConnectionFactory object.

Table 1 lists the properties that must be defined in the ConnectionFactory object.

Table 1. Properties of ConnectionFactory for secure connections to a WebSphere Application Server service integration bus messaging engine

Name of property Description

XMSC_WPM_SSL_CIPHER_SUITE The name of the CipherSuite to be used on a TLS connection to a WebSphere Service Integration Bus messaging engine. The protocol used in negotiating the secure connection depends on the specified CipherSuite.

XMSC_WPM_SSL_KEYRING_LABEL The certificate to be used when authenticating with the server.

The following is an example of ConnectionFactory properties for secure connections to a WebSphere Application Server service integration bus messaging engine:
cf.setStringProperty(XMSC_WPM_PROVIDER_ENDPOINTS, host_name:port_number:chain_name);
cf.setStringProperty(XMSC_WPM_SSL_KEY_REPOSITORY, key_repository_pathname); 
cf.setStringProperty(XMSC_WPM_TARGET_TRANSPORT_CHAIN, transport_chain); 
cf.setStringProperty(XMSC_WPM_SSL_CIPHER_SUITE, cipher_suite);
cf.setStringProperty(XMSC_WPM_SSL_KEYRING_STASH_FILE, stash_file_pathname);
Where chain_name should be set to either BootstrapTunneledSecureMessaging or BootstrapSecureMessaging, and port_number is the number of the port on which the bootstrap server listens for incoming requests.
The following is an example of ConnectionFactory properties for secure connections to a WebSphere Application Server service integration bus messaging engine with sample values inserted:
  /* CF properties needed for an SSL connection */
    cf.setStringProperty(XMSC_WPM_PROVIDER_ENDPOINTS,"localhost:7286:BootstrapSecureMessaging");
    cf.setStringProperty(XMSC_WPM_TARGET_TRANSPORT_CHAIN,"InboundSecureMessaging");    
    cf.setStringProperty(XMSC_WPM_SSL_KEY_REPOSITORY,"C:\\Program Files\\IBM\\gsk7\\bin\\XMSkey.kdb");    
    cf.setStringProperty(XMSC_WPM_SSL_KEYRING_STASH_FILE,"C:\\Program Files\\IBM\\gsk7\\bin\\XMSkey.sth");
    cf.setStringProperty(XMSC_WPM_SSL_CIPHER_SUITE,"SSL_RSA_EXPORT_WITH_RC4_40_MD5");
CipherSuite and CipherSpec name mappings for connections to a WebSphere Application Server service integration bus
Because GSKit uses CipherSpecs rather than CipherSuites, the JSSE-style CipherSuite names specified in the XMSC_WPM_SSL_CIPHER_SUITE property must be mapped to the GSKit-style CipherSpec names.
Parent topic: Securing communications for XMS applications

Related reference

IConnectionFactory (for the .NET interface)
Properties of ConnectionFactory
Required properties for administered ConnectionFactory objects

Name of property	Description
XMSC_WPM_SSL_CIPHER_SUITE	The name of the CipherSuite to be used on a TLS connection to a WebSphere Service Integration Bus messaging engine. The protocol used in negotiating the secure connection depends on the specified CipherSuite.
XMSC_WPM_SSL_KEYRING_LABEL	The certificate to be used when authenticating with the server.