Kbase 20895: SonicMQ: Example SSL Certificate-based Mutual Authentication
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
4/25/2001 |
|
SUMMARY:
SonicMQ version 3.0 permits client-to-server SSL mutual authentication. This solution provides an example of using the Chat sample with Certificate-based Mutual Authentication.
EXPLANATION:
Follow these steps:
1) Go to SonicMQ Explorer > Certificate Stores
2) Import the client certificate (PKCS7 format) to see under
Certificate Details, the Common Name (CN).
3) Copy and paste that name into the Users table of the SonicMQ
broker to which the Explorer is connected.
This becomes the broker that is used for the SSL
connections.
In addition, the Chat example needs to be started with the SSL environment set and needs to use "AUTHENTICATED" as user name.
For example:
java -Xms32m -Xmx32m -DSSL_CA_CERTIFICATES_DIR=mycerts\CA
-DSSL_CERTIFICATE_CHAIN=mycerts\testcert.p7c
-DSSL_PRIVATE_KEY=mycerts\clientKey.pkcs8
-DSSL_CERTIFICATE_CHAIN_FORM=PKCS7
-DSSL_PRIVATE_KEY_PASSWORD=password Chat -b ssl://pcrwe2:6506
-u AUTHENTICATED -p test
Reference to Written Documentation:
SonicMQ Installation and Administration Guide, Chapter 1, Installation Configuring the Default SSL.
SonicMQ Deployment Guide, Chapter 5, Security Table 8, Connection Security Checking.