KB Article #192620

Establishing Client Authentication through JMS ‘Integration’ transport.

Problem

The JMS Integration transport needs to be enabled to perform Client Authentication.

Resolution

To enable the JMS Integration transport to perform Client Authentication through certificate exchange, complete the following steps:


1. On the JMS broker side, create a keystore and a truststore that contain the ‘Server’ side certificate. See the JMS broker documentation for the proper setup.


2. Generate a client-side (Integration Engine) certificate and keystore for Integrator to use. This can be done with keytool, located in <B2Bi_Install>/jre/bin.

Generate a client Certificate and Keystore:
keytool -genkey -alias client -keyalg RSA -keystore client.ks



Generate a client Truststore and import the server/broker certificate:
keytool -import -alias broker -keystore client.ts -file <JMS Broker Public Certificate File>


3. Export the Client’s public certificate and provide it to the JMS broker to import into the broker Truststore:


Export Client certificate:
keytool -export -alias client -keystore client.ks -file client_cert



4. Add the following lines to <Axway_Install>/Integrator/local/config/java/jvm.cfg:


For Linux installations:
UNIX:Append= -Djavax.net.ssl.keyStore=<path to client keystore>
UNIX:Append= -Djavax.net.ssl.keyStorePassword=<keystore password>
UNIX:Append= -Djavax.net.ssl.trustStore=<path to client truststore>


For Windows installations:

WINDOWS:Append= -Djavax.net.ssl.keyStore=<path to client keystore>
WINDOWS:Append= -Djavax.net.ssl.keyStorePassword=<keystore password>
WINDOWS:Append= -Djavax.net.ssl.trustStore=<path to client truststore>


5. Restart the Integrator for the changes to take effect.
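
A check for step 4, added here as an example and not part of the original article or of Axway's tooling: it confirms that jvm.cfg carries all three properties for the chosen platform prefix, that the keystore and truststore paths name non-empty files, and that jvm.cfg, which holds the keystore password in clear text, is not readable by group or other. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Axway code): validate the step 4 lines in jvm.cfg.
# Assumed/hypothetical names: jvm_prop, cfg_is_private, check_jvm_cfg.

# Print the value of -D<property>= on "<prefix>:Append=" lines (last one wins).
jvm_prop() {  # $1 = jvm.cfg path, $2 = UNIX or WINDOWS, $3 = property name
    sed -n "s|^[[:space:]]*$2:Append=[[:space:]]*-D$3=\(.*\)\$|\1|p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed only when neither group nor other has read permission on the file.
cfg_is_private() {
    [ "$(ls -ld "$1" | cut -c5,8)" = "--" ]
}

# Return 0 when all three properties are present, both stores exist and are
# non-empty, and jvm.cfg is private. The password value is never printed.
check_jvm_cfg() {  # $1 = jvm.cfg path, $2 = prefix (default UNIX)
    cfg=$1 prefix=${2:-UNIX} rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    for prop in keyStore keyStorePassword trustStore; do
        val=$(jvm_prop "$cfg" "$prefix" "javax.net.ssl.$prop")
        if [ -z "$val" ]; then
            echo "FAIL: $prefix:Append= -Djavax.net.ssl.$prop is missing or empty"
            rc=1
        elif [ "$prop" != keyStorePassword ] && [ ! -s "$val" ]; then
            echo "FAIL: javax.net.ssl.$prop names a missing or empty file: $val"
            rc=1
        fi
    done
    # jvm.cfg stores the keystore password in clear text.
    if ! cfg_is_private "$cfg"; then
        echo "FAIL: $cfg is readable by group or other (chmod 600 suggested)"
        rc=1
    fi
    return $rc
}

# Run the check when the script is called with arguments.
if [ "$#" -ge 1 ]; then check_jvm_cfg "$@"; fi
```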