Introduction:
With Universal Messaging (UM), you can set up two-way SSL authentication: UM authenticates itself with a certificate and requires Integration Server (IS) to authenticate itself with a certificate as well. This article details the steps for creating the two-way SSL connection alias and for publishing and subscribing to messages using Integration Server.
Pre-Requisites
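- Generate the server key, certificate, keystore and truststore files using OpenSSL and keytool with the commands below. The client certificate diagclientCA.pem that is imported into server.truststore is generated in the client step that follows, so it must exist before that import is run: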
- openssl genrsa -out diagserverCA.key 2048
- openssl req -x509 -new -nodes -key diagserverCA.key -sha256 -days 1024 -out diagserverCA.pem
- openssl pkcs12 -export -name server-cert -in diagserverCA.pem -inkey diagserverCA.key -out serverkeystore.p12
- keytool -importkeystore -destkeystore server.keystore -srckeystore serverkeystore.p12 -srcstoretype pkcs12 -alias server-cert
- keytool -import -alias client-cert -file diagclientCA.pem -keystore server.truststore
- keytool -import -alias server-cert -file diagserverCA.pem -keystore server.truststore
- Generate the client key, certificate, keystore and truststore files using OpenSSL and keytool with the following commands:
- openssl genrsa -out diagclientCA.key 2048
- openssl req -x509 -new -nodes -key diagclientCA.key -sha256 -days 1024 -out diagclientCA.pem
- openssl pkcs12 -export -name client-cert -in diagclientCA.pem -inkey diagclientCA.key -out clientkeystore.p12
- keytool -importkeystore -destkeystore client.keystore -srckeystore clientkeystore.p12 -srcstoretype pkcs12 -alias client-cert
- keytool -import -alias server-cert -file diagserverCA.pem -keystore client.truststore
- keytool -import -alias client-cert -file diagclientCA.pem -keystore client.truststore
Creating server and client configuration in IS and UM
Once we have generated the client and server keystore files we can configure them in IS and UM as shown below.
Configuring keystore and truststore aliases in IS:
• In IS, navigate to the Security > Keystore page, click Create Keystore Alias and enter the values below
Alias : mqttKeystore
Type: PKCS12
Provider: SUN
Location: Complete path of Client keystore file
Password: Client Keystore password
• Similarly, create a truststore alias: navigate to the Security > Keystore page, click Create Truststore Alias and enter the values below
Alias: mqttTruststore
Type: JKS
Provider: SUN
Location: Complete path of Client truststore file
Password: Client truststore password
Configuring server certificates in UM:
• In Enterprise Manager, navigate to the ‘Comms’ tab and click the ‘Add Interface’ button
• Select nsps as the type, enter port 8883 and save the changes
• Select the newly added row for port 8883 and navigate to the Certificates sub-tab
• Update the values as shown below
Key store path: Complete path of server keystore
key store password
Trust store path: Complete path of server truststore
Trust store password: server truststore password
Private key password: key password
CA store password: truststore password
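Once the interface is saved, it can be checked from the command line before anything is configured in IS. The script below is an added example, not part of the original article: it connects to port 8883 with and without the client certificate generated in the prerequisites and reports whether UM actually enforces two-way SSL. The host name passed on the command line is a placeholder for your UM host, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article. The UM host is supplied by the caller;
# port 8883 and the PEM/key file names are those used in the article's commands.

# Handshake against the nsps interface and print the s_client transcript.
# TLS 1.2 is forced because there the server rejects a missing client
# certificate during the handshake; in TLS 1.3 the alert arrives only afterwards.
probe() {  # usage: probe host:port [extra s_client options]
  target=$1; shift
  openssl s_client -connect "$target" -tls1_2 -CAfile diagserverCA.pem "$@" </dev/null 2>&1
}

# Read an s_client transcript on stdin; print "accepted" or "rejected".
# Rejected means: a TLS alert was received, no cipher was negotiated,
# or the server certificate did not verify against diagserverCA.pem.
classify() {
  transcript=$(cat)
  if printf '%s\n' "$transcript" |
       grep -Eq 'alert (handshake failure|bad certificate|certificate required|unknown ca)' ||
     printf '%s\n' "$transcript" | grep -q 'Cipher is (NONE)' ||
     ! printf '%s\n' "$transcript" | grep -q 'Verify return code: 0 (ok)'; then
    echo rejected
  else
    echo accepted
  fi
}

# Combine the results obtained with and without a client certificate.
verdict() {  # usage: verdict <with-cert result> <without-cert result>
  case "$1/$2" in
    accepted/rejected) echo "two-way SSL enforced" ;;
    accepted/accepted) echo "client certificate not required" ;;
    *)                 echo "handshake failed even with the client certificate" ;;
  esac
}

# Live check, run only when a host is supplied: ./check_um_mtls.sh <UM host>
if [ -n "${1:-}" ]; then
  with_cert=$(probe "$1:8883" -cert diagclientCA.pem -key diagclientCA.key | classify)
  without_cert=$(probe "$1:8883" | classify)
  verdict "$with_cert" "$without_cert"
fi
```

A result of "client certificate not required" means the interface is still accepting one-way SSL clients, so the certificate settings on the 8883 interface should be reviewed before the IS alias is relied on.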
Creating and enabling the 2way SSL connection
Verifying publish and Subscribe of messages to topic on UM using Integration Server
• Launch Designer and connect to Integration Server.
• Create a package MQTT and a folder MQTT_Test in Designer
• Create a publish flow service in the MQTT_Test folder using the built-in service pub.mqtt:publish.
• Create another flow service, subscribe, to check in the Integration Server server log whether the message was successfully received from the MQTT server topic
• Integration Server can subscribe to topics by creating an MQTT trigger. The MQTT trigger receives messages published to the topic on the MQTT server and then invokes a trigger service to process the messages.
• Integration Server uses an MQTT connection alias to create a connection to the MQTT server. An invocation of the pub.mqtt:publish service requires the MQTT connection alias to publish the message to the MQTT server. Similarly, an MQTT trigger specifies the MQTT connection alias that it uses to identify the MQTT server from which it retrieves messages and on which the trigger creates subscriptions.
• Run the Publisher service