Depending on the protocol used, all data (including passwords) is usually transmitted through the network in plain text. To maintain the confidentiality of this data, you should apply transport-layer encryption for the message exchange.
Requirements
- Check patchlevel of your PI/PO system (SAP Note 1832863 - SSL support for Tibco EMS)
- Deployment of TIBCO drivers (including tibcrypt.jar)
- SSL-enabled TIBCO JMS provider
Implementation
Create a JMS communication channel for your scenario.
- Transport Protocol: Access JMS Provider Generically
- Specify additional parameters:
- JMS.QueueConnectionFactoryImpl.classname: com.tibco.tibjms.TibjmsQueueConnectionFactory
- JMS.QueueConnectionFactoryImpl.constructor: java.lang.String ssl://yourhostname:yoursslport
- JMS.QueueImpl.classname: com.tibco.tibjms.TibjmsQueue (can be replaced by topic class)
- JMS.QueueImpl.constructor: java.lang.string yourqueuename
- tibco.ssl: true (to enabled SSL communication)
- tibco.ssl.trusted: TrustedCAs (NWA trust store where the TIBCO server or CA certificate is present)
Calling provider-specific factory methods
It might be necessary to set additional SSL parameters. The server certificate name in the host certificate should not be verified. Append the method call to the additional parameters:
- JMS.QueueConnectionFactoryImpl.method.setSSLEnableVerifyHostName: java.lang.Boolean false
Check the relevant TIBCO documentation for available methods. For example:
TibjmsConnectionFactory (TIBCO Enterprise Message Service)
References
Defining Generic Access to the JMS Provider - Advanced Adapter Engine - SAP Library
SAP Note 1832863 - SSL support for Tibco EMS
http://service.sap.com/sap/support/notes/1832863
SAP Note 1138877 - How to Deploy External Drivers JDBC/JMS Adapters