Use specific keystore for JMS


Question

We have the requirement to use SSL client certificate for a JMS connection to an IBM MQ server. I already asked a question specifically for WebSphere MQ but then I learned that this is mainly the job of JSSE and can be configured via Java System Properties (e.g. -Djavax.net.ssl.keyStore=<location of keyStore>).

But since there are already active keystores for other parts of the application within our WildFly 9 AS, I'm looking for a way to enable a specific keystore just for the JMS part - can this be done?

Recommended answer

Yes, it is possible for an MQ classes for JMS application to use a specific keystore and truststore when creating secure connections to a queue manager.

By default, the MQ classes for JMS will use the standard javax.net.ssl System Properties to determine which certificate store to use as the key and trust stores. However, you can customise this by building your own javax.net.ssl.SSLSocketFactory object that gets set on the JMS Connection Factory used by your application.

See the Knowledge Center for further details:

https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q032450_.htm

This typically means you have to programmatically build or update a JMS Connection Factory within application code, rather than via administration only and updating a JNDI definition - which is somewhat unfortunate.

I know you have stated you are using WildFly as your application server of choice, but just for your awareness, WebSphere Application Server (WSAS) allows you to configure a JMS Connection Factory within JNDI and have a separate SSL/TLS configuration (containing certificate store information, Cipher Suites etc) that can be associated with the JMS resources. WSAS will then take care of creating the SSLSocketFactory and setting it appropriately on the JMS Connection Factory when an application uses it to create a JMS Connection or Context.

As such, you continue to define your resources (JMS and SSL) administratively via the WSAS Administration Console or wsadmin scripting without having to insert specific logic within the application to do this, which is obviously preferred.

WildFly (and other JEE app servers) might offer similar functionality, but I do not know.
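
The approach described in the answer above, as an added example that is not part of the original answer or of IBM's documentation: an SSLContext built from a dedicated keystore and truststore, with its socket factory set on the MQ connection factory so the JVM-wide javax.net.ssl.* properties stay untouched. The file paths, the JMS_STORE_PASSWORD environment variable, host, port, queue manager, channel and cipher suite are assumed placeholder values, and the IBM MQ classes for JMS client jar must be on the classpath.

```java
import com.ibm.mq.jms.MQConnectionFactory;
import com.ibm.msg.client.wmq.WMQConstants;
import javax.jms.Connection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class JmsTlsExample {
    // Load a store from disk; the type ("JKS" or "PKCS12") must match the file.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext from these stores only, so other subsystems in the
    // same JVM keep whatever keystore the javax.net.ssl.* properties name.
    static SSLContext jmsContext(KeyStore keys, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed: password supplied via environment, not hard-coded in source.
        char[] pw = System.getenv("JMS_STORE_PASSWORD").toCharArray();
        SSLContext ctx = jmsContext(load("/opt/app/jms-client.p12", "PKCS12", pw), pw,
                                    load("/opt/app/jms-trust.p12", "PKCS12", pw));

        MQConnectionFactory cf = new MQConnectionFactory();
        cf.setTransportType(WMQConstants.WMQ_CM_CLIENT);
        cf.setHostName("mq.example.internal");  // placeholder host
        cf.setPort(1414);                        // placeholder port
        cf.setQueueManager("QM1");               // placeholder queue manager
        cf.setChannel("APP.TLS.SVRCONN");        // placeholder channel
        // Placeholder suite; it must map to the CipherSpec set on the channel.
        cf.setSSLCipherSuite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        cf.setSSLSocketFactory(ctx.getSocketFactory());
        try (Connection c = cf.createConnection()) { c.start(); }
    }
}
```

Keeping the truststore limited to the CA that issues the queue manager's certificate means this connection trusts only that issuer, independent of the application server's default trust anchors.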
