Nirvana JMS Client SSL Configuration

This Section describes how to use SSL in your Nirvana JMS applications. Nirvana supports various wire protocols including SSL enabled sockets and HTTPS.

Once you have created an SSL enabled interface for your realm you need to ensure that your JMS application passes the required System properties used by your jsse enabled JVM. The Nirvana download contains some example Java key store files that will be used in this example.

The first such keystore is the client keystore, called client.jks, which can be found in your installation directory, under the /server/Nirvana/bin directory. The second is the CA keystore called nirvanacacerts.jks, which is again located in the /server/Nirvana/bin directory

The following system properties are used by the by the jsse implementation in your JVM. You can specify the SSL properties by passing the following as part of the command line for your JMS application:

where :

javax.net.ssl.keyStore is the client keystore location

javax.net.ssl.keyStorePassword is the password for the client keystore

javax.net.ssl.trustStore is the CA keystore file location

javax.net.ssl.trustStorePassword is password for the CA keystore

As well as the above system properties, if you are intending to use https, your JMS applications will require the following system property to be passed in the command line:

-Djava.protocol.handler.pkgs="com.sun.net.ssl.internal.www.protocol"

As well as the above, the RNAME used by the JMS application must correspond to the correct type of SSL interface, and the correct hostname and port that was configured earlier.

In JMS, the RNAME corresponds to a JNDI reference. The example JMSADmin application can be used to create a sample file based JNDI context, where the RNAME is specified as the content of the TopicConnectionFactoryFactory reference. Once your SSL interface is created you can simply change this value in your JNDI context to be the RNAME you require your JMS applications to use.