Securing JMS message-driven-channel-adapter

Question

I am using a message-driven-channel-adapter to read messages off MQ queue, and this has been working fine in development. Now, in preparation for the first production release, I have to read a secured queue instead.

What do I need to do?

I think I need to make sure the following are set as system properties, but with what values?

javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword

I get the connectionFactory from jndi and it has the SSLCipherSuite set.

I have been given a clear text password and a JKS file that contains both the keystore and the truststore

What do I need to do next?

Answer 1

The values are the paths and password for the JKS. For example,

java -cp "%CLASSPATH%" -Djavax.net.ssl.trustStore="C:\Program Files\IBM\WebSphere MQ\key.jks" -Djavax.net.ssl.keyStore="C:\Program Files\IBM\WebSphere MQ\key.jks" -Djavax.net.ssl.keyStorePassword=password com.ibm.examples.JMSDemo -pub %*

Assuming this is WebSphere MQ and the keystore/truststore are configured with the right objects, this is all that is required.