How to test ssl after ssl is enabled
We have moved the cert to the Solace and enabled it; now when we try to perform the test connection
on the TIBCO BW tool using smfs://<>:55443 we are getting the error
Can someone advise what the issue is and how to enable log level debug, as the doc suggests using the Java system properties:
Dsun.security.krb5.debug=true.
How do I set this to see more logs on this? It would be helpful. Thank you in advance.
Comments
Hi @Manikanta532,
My guess is that you have not changed the BW part yet. If that's right, then you will basically need to set up a trust store just like Java apps in general. Take a look here https://docs.solace.com/Developer-Tools/Integration-Guides/Solace-JMS-Integration-TIBCO-ActiveMatrix-BusinessWorks.pdf in chapter 7.1
Hi Arih,
I have added the java.property.TIBCO_SECURITY_VENDOR=j2se in bwdesign.tra and bwagent.tra
and the JNDI properties in the JNDI Configuration; I am still facing the below issue. As per the show Service command from the CLI, port 55443 is up, but we are not able to do telnet. Can you suggest anything from that point?
Note: This is TIBCO BW6.
Thank you
Manikanta.
Does it work with non-TLS? That would simplify debugging? Solace default unsecure port is 55555. Just to verify you can connect?
I'm not sure how exactly to enable debug logging in BW. Can you find out from Tibco community? Typically for Java applications using Solace, if there is log4j or Apache Commons Logging (jal) then you just need to add the appropriate loggers/appenders for
com.solacesystems.jcsmp
and set the log level to debug. Is there a log4j configuration file or something in BW?
Oh okay, BW6 is not the same as how BW5 would work. So the link I provided may not be usable for BW6.
If you were able to connect your BW6 to plain text port (55555) before, then it should be more on how to do similar steps for BW5 in your BW6. A bit tough for me to try since I don't have the BW6 environment.
Thank you both, I can connect to unsecured port 55555 using the same BW6. I will just look at the place where we can add the property to enable log level debug; presently I don't have an idea on that. The firewall is disabled on our machine, will that cause an issue for the interaction with port 55443?
Any pointers on that?
After enabling the port on 55443, the issue is resolved, and the document has helped to add the JNDI properties. Thank you!!
Ah, so you just needed to enable the port on the broker?? Haha easy fix. Sorry we didn't think of that. And I'm guessing you figured out that you need to upload a server certificate and stuff in order for that port to become Operational.
Anyhow, let us know how your testing goes. We have lots of customers using BW5 with Solace, but I don't know too many using BW6.
If you want to test any TLS connection, try openssl:
openssl s_client -connect broker:55443
In the output you can see:
- if port is open :-)
- if tls server certificate is configured
- content of tls server certificate (like: Common Name, issuer,...)
- expiry date of tls server certificate
With the issuer data, you can e.g. configure the validation / certificate authorities on client side.
Obviously, this openssl command is NOT restricted to connect to Solace brokers :-)
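The checks from the openssl post above, plus the closed-port case that turned out to be the cause in this thread, as an added Python example (not code from any poster or from Solace). `probe_tls` and its status names are made up for illustration, and the host in the usage line is a placeholder.

```python
import socket
import ssl
import time


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Return a dict whose "status" says how far a TLS connection gets."""
    # Stage 1: plain TCP connect, the same thing a telnet test exercises.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"status": "closed"}        # nothing listening on the port
    except (socket.timeout, TimeoutError):
        return {"status": "filtered"}      # no answer: dropped or host down
    except OSError as exc:                 # DNS failure, no route, ...
        return {"status": "unreachable", "detail": str(exc)}

    # Stage 2: TLS handshake with certificate and hostname verification.
    # cafile is the client-side trust store (PEM); None uses the system CAs.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            version = tls.version()
    except ssl.SSLCertVerificationError as exc:
        return {"status": "untrusted", "detail": exc.verify_message}
    except OSError as exc:                 # includes ssl.SSLError, timeouts
        return {"status": "no_tls", "detail": str(exc)}

    # Stage 3: the fields you would read off the openssl output.
    subject = dict(item for rdn in cert["subject"] for item in rdn)
    issuer = dict(item for rdn in cert["issuer"] for item in rdn)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "status": "ok",
        "tls_version": version,
        "common_name": subject.get("commonName"),
        "issuer": issuer.get("commonName") or issuer.get("organizationName"),
        "not_after": cert["notAfter"],
        "days_left": int((expires - time.time()) // 86400),
    }


if __name__ == "__main__":
    # Placeholder host name; substitute your broker and, if needed, cafile.
    print(probe_tls("broker.example.test", 55443))
```

A result of "untrusted" means the port and server certificate are fine and the client trust store is what needs the issuing CA.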