
Problem:

  • Product Name: Borland Enterprise Server, AppServer Edition
  • Product Version: 5.2.1 Service Pack 20 & 7.0 Service Pack 4
  • Product Component: SSL
  • Platform/OS Version: AIX 5.3
  • JDK: IBM 1.4.2 & Java 6

What steps are needed to configure VisiBroker for Java to use a Java keystore for SSL?

Resolution:

 

Generation of keys using Java Keystore


The currently generated certificate is valid until: 10/18/09 11:12 AM. Follow the steps below to regenerate the key.

Note: The keypass and storepass must be the same. Currently, neither IBM nor Sun provides a property for passing the keypass to the application. An enhancement request, CR 10074, has been raised for VisiBroker to allow keys to be generated with a keypass that differs from the storepass.


  • Generate a private/public key pair for the server.

keytool -genkey -alias SERVER -keypass password -storepass password -keystore SERVER_keystore.jks -dname "CN=SERVER, OU=Borland, O=Borland, L=Borland, C=SG"


  • Export the server's public key as an X509 certificate.

keytool -export -alias SERVER -storepass password -file server.cer -keystore SERVER_keystore.jks

  • Import the server X509 certificate into the client trust store. This step is necessary as the client is configured to use REQUIRE_AND_TRUST.

keytool -import -v -trustcacerts -alias SERVER -file server.cer -keystore client_truststore.jks -keypass password -storepass ctspassword

  • Generate a private/public key pair for the client.

keytool -genkey -alias CLIENT -keypass password -storepass password -keystore CLIENT_keystore.jks -dname "CN=CLIENT, OU=Borland, O=Borland, L=Borland, C=SG"

  • Export the client's public key as an X509 certificate.

keytool -export -alias CLIENT -storepass password -file client.cer -keystore CLIENT_keystore.jks

  • Import the client X509 certificate into the server trust store. This step is necessary as the server is configured to use REQUIRE_AND_TRUST.

keytool -import -v -trustcacerts -alias CLIENT -file client.cer -keystore server_truststore.jks -keypass password -storepass stspassword
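
The following is an added example, not part of the original article and not Borland or VisiBroker code. It loads a key store produced by the steps above and checks the three things the procedure depends on: the private key is recoverable with the store password (keypass equals storepass), the certificate is inside its validity period, and the peer's trust store contains that same certificate. The class name CheckStores and the argument order are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;

// Added example, not Borland/VisiBroker code. Class name and argument order are assumptions.
// Run: java CheckStores SERVER_keystore.jks password SERVER client_truststore.jks ctspassword
public class CheckStores {

    static KeyStore load(String path, char[] storepass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, storepass);          // an IOException here means a wrong storepass
        } finally {
            in.close();
        }
        return ks;
    }
    static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }

    public static void main(String[] a) throws Exception {
        if (a.length != 5) {
            System.err.println("usage: CheckStores <keystore> <storepass> <alias> <peer-truststore> <truststore-pass>");
            System.exit(2);
        }
        char[] storepass = a[1].toCharArray();
        KeyStore keys = load(a[0], storepass);
        if (!keys.isKeyEntry(a[2])) fail("no private key under alias " + a[2]);
        // 1. The key must be recoverable with the store password (keypass == storepass).
        try {
            keys.getKey(a[2], storepass);
        } catch (UnrecoverableKeyException e) {
            fail("keypass differs from storepass for alias " + a[2]);
        }
        // 2. The certificate must be inside its validity window; checkValidity() throws if not.
        X509Certificate cert = (X509Certificate) keys.getCertificate(a[2]);
        cert.checkValidity();
        System.out.println("OK: " + cert.getSubjectDN() + " valid until " + cert.getNotAfter());
        // 3. The peer's trust store must hold exactly this certificate.
        String trustedAs = load(a[3], a[4].toCharArray()).getCertificateAlias(cert);
        if (trustedAs == null) fail("certificate is not in " + a[3]);
        System.out.println("OK: trusted in " + a[3] + " under alias " + trustedAs);
    }
}
```

Run it once for the server pair (SERVER_keystore.jks against client_truststore.jks) and once for the client pair (CLIENT_keystore.jks against server_truststore.jks).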


Properties to initialize Java Server


  • vbroker.security.disable=false
  • vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
  • vbroker.se.iiop_tp.scm.ssl.listener.trustInClient=true

Properties to initialize Java Client


  • vbroker.security.disable=false
  • vbroker.security.secureTransport=true
  • vbroker.security.alwaysSecure=true
  • vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST


 

References

  • http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaha/rzahajssesysprops.htm
