Consultor Eletrônico



Kbase P132442: How do you set up an OpenEdge client to connect to a SonicMQ Broker via ClientConnect or Server Conne
Author   Progress Software Corporation - Progress
Access   Public
Published   3/31/2010
Status: Unverified

GOAL:

How do you set up an OpenEdge client to connect to a SonicMQ Broker via ClientConnect or Server Connect with SSL Security enabled?

GOAL:

Can you connect to a SonicMQ broker via a secure connection with ClientConnect or ServerConnect client protocols?

FACT(s) (Environment):

All Supported Operating Systems
OpenEdge 10.x

FIX:

The following steps are an example of how SSL may be configured for ClientConnect or BrokerConnect.
When following this example for a live site, be aware of the following:
- The .der file is a signed vendor certificate. Use whatever certificate authority will sign the live certificates.
- The pkcs8 is a private key (the pkcs8 file in the solution).
- The pkcs7 is the signed public key certificate (the p7c file in the solution).


Create a directory to hold the Sonic CA's certificate:

mkdir C:\MyApp\SonicAdapterExtras\certs

mkdir C:\MyApp\SonicAdapterExtras\certs\CA



Copy the following file from %Sonic%\MQ7.x\certs\CA to C:\MyApp\SonicAdapterExtras\certs\CA

SonicMQCA.der





Modify the file %DLC%\properties\AdminServerPlugins.properties in the following way:

In the section [PluginPolicy.Progress.SonicMQ]

- add a new line with the value jvmargs=-DSSL_CA_CERTIFICATES_DIR="C:\MyApp\SonicAdapterExtras\certs\CA"



For ClientConnect/ServerConnect:

- add ,c:\MyApp\SonicAdapterExtras\lib\rsa_ssl.jar to the end of the line beginning classpath=



For BrokerConnect (Note: the admin server will need to be restarted):

- add ,c:\MyApp\SonicAdapterExtras\lib\rsa_ssl.jar to the end of the line beginning pluginclasspath=





To enable certificate based client identification:



Configure the acceptor to use Client Authentication (Enable: checked)



Modify the file %DLC%\properties\AdminServerPlugins.properties in the following way:

In the section [PluginPolicy.Progress.SonicMQ]

Add the following to the line beginning with jvmargs=

-DSSL_CERTIFICATE_CHAIN="%SONICMQ_HOME%\certs\client.p7c" -DSSL_PRIVATE_KEY="%SONICMQ_HOME%\certs\clientKey.pkcs8" -DSSL_PRIVATE_KEY_PASSWORD=password -DSSL_CERTIFICATE_CHAIN_FORM=PKCS7



Copy the following files from %Sonic%\MQ7.x\certs to c:\MyApp\SonicAdapterExtras\certs

client.p7c clientKey.pkcs8



Note that all OpenEdge clients connecting from a configured machine will use the same AdminServerPlugins.properties file and will therefore use the same client certificate.



Note also that the SSL_PRIVATE_KEY_PASSWORD should be kept secret and as such the AdminServerPlugins.properties file should be appropriately secured.
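
The following is an added example, not part of the original Kbase article and not Progress code: a small Python check that reads the [PluginPolicy.Progress.SonicMQ] section and reports which of the settings described above are missing, and whether the private key password is stored in the file. It assumes the properties file uses the bracketed-section, key=value layout the steps imply; the function names, the sample text and the progress.jar path in it are constructed for illustration.

```python
import re

SECTION = "PluginPolicy.Progress.SonicMQ"
CLIENT_AUTH = ("SSL_CERTIFICATE_CHAIN", "SSL_PRIVATE_KEY",
               "SSL_PRIVATE_KEY_PASSWORD", "SSL_CERTIFICATE_CHAIN_FORM")

def read_section(text, section=SECTION):
    """Return {key: value} for one [section] (assumed INI-like layout)."""
    props, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props

def jvm_defines(jvmargs):
    """Extract -DNAME=value pairs; values may be double-quoted."""
    pairs = re.findall(r'-D(\w+)=("[^"]*"|\S+)', jvmargs)
    return {name: value.strip('"') for name, value in pairs}

def audit(text):
    """Return findings for the SSL settings the article describes."""
    props = read_section(text)
    defines = jvm_defines(props.get("jvmargs", ""))
    findings = []
    if "SSL_CA_CERTIFICATES_DIR" not in defines:
        findings.append("jvmargs: SSL_CA_CERTIFICATES_DIR not set")
    jars = props.get("classpath", "") + "," + props.get("pluginclasspath", "")
    if "rsa_ssl.jar" not in jars.lower():
        findings.append("rsa_ssl.jar missing from classpath/pluginclasspath")
    if any(n in defines for n in CLIENT_AUTH):  # client auth at least partly set
        findings += [f"jvmargs: {n} missing for client authentication"
                     for n in CLIENT_AUTH if n not in defines]
    if "SSL_PRIVATE_KEY_PASSWORD" in defines:
        findings.append("SSL_PRIVATE_KEY_PASSWORD is stored in clear text; restrict read access to this file")
    return findings

# Constructed sample built from the values shown in the article.
SAMPLE = r'''
[PluginPolicy.Progress.SonicMQ]
classpath=C:\dlc\java\progress.jar,c:\MyApp\SonicAdapterExtras\lib\rsa_ssl.jar
jvmargs=-DSSL_CA_CERTIFICATES_DIR="C:\MyApp\SonicAdapterExtras\certs\CA" -DSSL_CERTIFICATE_CHAIN="%SONICMQ_HOME%\certs\client.p7c" -DSSL_PRIVATE_KEY="%SONICMQ_HOME%\certs\clientKey.pkcs8" -DSSL_PRIVATE_KEY_PASSWORD=password
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The sample deliberately omits SSL_CERTIFICATE_CHAIN_FORM, so the check reports it along with the clear-text password; the file's access permissions still have to be reviewed with the operating system's own tools.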