SSL Error: Connecting WebLogic Server to Tibco EMS over SSL

The following exception might occur when connecting WebLogic Server JMS Bridge to Tibco EMS Gateway. Bridge’s status: “WARN: failed to connect to the source / target”.

Exception:

javax.naming.ServiceUnavailableException: Failed to query JNDI: 
Failed to connect to the server at tcp://ems-hostname:7243 
[Root exception is javax.jms.JMSException: 
Failed to connect to the server at tcp://ems-hostname:7243]
Caused By: javax.jms.JMSException: Failed to connect to the server 
at tcp://ems-hostname:7243
at com.tibco.tibjms.TibjmsxLinkTcp._doHandshake(TibjmsxLinkTcp.java:893)

Solution:

1. Make sure you have the following files in WebLogic domain lib directory:

#Example:
DIR: /ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco
#Required jars
tibjms.jar
tibcrypt.jar

#Other Tibco jars
slf4j-api-1.4.2.jar
slf4j-simple-1.4.2.jar
tibemsd_sec.jar
tibjmsadmin.jar
tibjmsapps.jar
tibjmsufo.jar
tibrvjms.jar

#Important!
jndi.properties

2. Most important part: create jndi.properties file in above directory with the following arguments:

# /ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco
# jndi.properties

com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.ssl.vendor=j2se
com.tibco.tibjms.security_protocol=ssl
com.tibco.tibjms.ssl_enable_verify_host=false
com.tibco.tibjms.ssl.enable_verify_hostname=false

#DEBUG JVM arguments - not mandatory, only for debugging
com.tibco.tibjms.debug=true
com.tibco.tibjms.ssl.debug.trace=true
com.tibco.tibjms.ssl.trace=true

3. Optional Mandatory: Add lib location to the CLASSPATH in settings for JMS bridge destination for a JMS message provider. WebLogic Server is picking up automatically and recursively all libs from DOMAIN_HOME/lib directory, but not jndi.properties though.

#Example:
/ora/product/oracle/admin/domains/wls_soadom1/lib/Tibco

2014-03-23_000113

 

 Conclusion:

  • Make sure that Tibco root certificate has been added to WLS keystore (NOT DEMO store in PROD)
  • WLS managed server doesn’t have to listen on SSL port – in case of one way connection WLS (client) –> Tibco (Server) over SSL
  • Providing path in CLASSPATH is mandatory in each bridge destination configuration, this is also included in Tibco documentation.
  • Tibco should document its product in much better way.  Requirement for presence of jndi.properties file in lib directory seems to be not documented at all.

Cheers!