SSL Error: Connecting WebLogic Server to Tibco EMS over SSL

The following exception might occur when connecting WebLogic Server JMS Bridge to Tibco EMS Gateway. Bridge’s status: “WARN: failed to connect to the source / target”.

Exception:

javax.naming.ServiceUnavailableException: Failed to query JNDI: 
Failed to connect to the server at tcp://ems-hostname:7243 
[Root exception is javax.jms.JMSException: 
Failed to connect to the server at tcp://ems-hostname:7243]
Caused By: javax.jms.JMSException: Failed to connect to the server 
at tcp://ems-hostname:7243
at com.tibco.tibjms.TibjmsxLinkTcp._doHandshake(TibjmsxLinkTcp.java:893)

Solution:

1. Make sure you have the following files in WebLogic domain lib directory:

#Example:
DIR: /ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco
#Required jars
tibjms.jar
tibcrypt.jar

#Other Tibco jars
slf4j-api-1.4.2.jar
slf4j-simple-1.4.2.jar
tibemsd_sec.jar
tibjmsadmin.jar
tibjmsapps.jar
tibjmsufo.jar
tibrvjms.jar

#Important!
jndi.properties

2. Most important part: create jndi.properties file in above directory with the following arguments:

# /ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco
# jndi.properties

com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.ssl.vendor=j2se
com.tibco.tibjms.security_protocol=ssl
com.tibco.tibjms.ssl_enable_verify_host=false
com.tibco.tibjms.ssl.enable_verify_hostname=false

#DEBUG JVM arguments - not mandatory, only for debugging
com.tibco.tibjms.debug=true
com.tibco.tibjms.ssl.debug.trace=true
com.tibco.tibjms.ssl.trace=true

3. Optional Mandatory: Add lib location to the CLASSPATH in settings for JMS bridge destination for a JMS message provider. WebLogic Server is picking up automatically and recursively all libs from DOMAIN_HOME/lib directory, but not jndi.properties though.

#Example:
/ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco

2014-03-23_000113

 

 Conclusion:

  • Make sure that Tibco root certificate has been added to WLS keystore (NOT DEMO store in PROD)
  • WLS managed server doesn’t have to listen on SSL port – in case of one way connection WLS (client) –> Tibco (Server) over SSL
  • Providing path in CLASSPATH is mandatory in each bridge destination configuration, this is also included in Tibco documentation.
  • Tibco should document its product in much better way.  Requirement for presence of jndi.properties file in lib directory seems to be not documented at all.

Cheers!

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close