Secure transport configuration requirements
There are additional configuration requirements when configuring secure transport, such as inbound chains, to establish SSL-based or HTTPS-based connections between messaging engines, or between messaging engines and JMS applications running in a client container.
For an SSL connection to be established successfully, the party that is initiating the connection and the party that is waiting for the connection to be made must both supply a compatible set of credentials.
When you configure the client container to bootstrap using an SSL-based transport chain, you specify additional SSL properties in the sib.client.ssl.properties file. This file is located in the profile_root/properties directory of the application server installation, where profile_root is the directory in which profile-specific information is stored. The properties in this file are used for all client container bootstrapping activities over both SSL-based and HTTPS-based bootstrap chains.
You can override or augment properties specified in the sib.client.ssl.properties file by specifying system properties of the same name to the application client. To do this, specify a -CCD command line option that names the property and its new value. For more information about command line syntax, see launchClient tool.
Some of the properties in the sib.client.ssl.properties file duplicate those in the sas.client.props file. Overriding these properties using wsadmin command options affects both sets of properties.
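The override behavior described above can be checked before a client is launched. The following is an added example, not code from the product or its documentation: it merges a properties file with -CCD options from a launchClient command line and reports problems in the effective settings. The com.ibm.ssl.* property names, the sample file, the sample command line and the weak-protocol policy are assumptions made for the example.

```python
import shlex

# Property names are assumptions; the page names the file but not its keys.
REQUIRED = ("com.ibm.ssl.keyStore", "com.ibm.ssl.trustStore")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}  # constructed policy for this example

# Constructed sample input, not taken from a real installation.
SAMPLE_FILE = """\
# sib.client.ssl.properties (constructed)
com.ibm.ssl.protocol=SSLv3
com.ibm.ssl.keyStore=/opt/client/etc/key.p12
com.ibm.ssl.trustStore=
"""
SAMPLE_CMD = "launchClient MyClient.ear -CCDcom.ibm.ssl.protocol=TLSv1.2"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def ccd_overrides(command_line):
    """Collect -CCDname=value options from a launchClient command line."""
    overrides = {}
    for arg in shlex.split(command_line):
        if arg.startswith("-CCD") and "=" in arg:
            key, _, value = arg[len("-CCD"):].partition("=")
            overrides[key] = value
    return overrides

def effective_settings(file_text, command_line):
    """File values first, then -CCD system properties of the same name win."""
    props = parse_properties(file_text)
    props.update(ccd_overrides(command_line))
    return props

def findings(props):
    """Report missing stores and protocols this example treats as weak."""
    issues = [f"missing {name}" for name in REQUIRED if not props.get(name)]
    protocol = props.get("com.ibm.ssl.protocol", "")
    if protocol in WEAK_PROTOCOLS:
        issues.append(f"weak protocol {protocol}")
    return issues

if __name__ == "__main__":
    print(findings(effective_settings(SAMPLE_FILE, SAMPLE_CMD)))
```

Running the check on the file alone and again on the merged result shows which findings a -CCD override resolves and which remain in effect.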
When you are configuring SSL-based connections between two messaging engines, both the messaging engines must have inbound chains with matching names. These inbound chains must be configured with compatible sets of SSL credentials. The compatibility must be true for both intra-bus messaging engine connections and for connections between messaging engines that are in different buses.
An inbound transport chain has no affinity with a particular messaging engine: any enabled inbound transport chain can be used to contact any messaging engine that is active on a server. By default, an application server is created with unsecured inbound transport chains. Disable or delete these chains to restrict access to secure chains only.