Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure Service integration > Secure service integration > Enable client SSL authentication
Configure a bus to allow client SSL authentication
We can configure a service integration bus to enable connecting client JMS applications to authenticate by using SSL certificates. Verify the following tasks have been completed:
To allow connecting JMS application clients to authenticate to the bus by using client SSL certificates, define an SSL configuration. There are two parts to this task. First you use the admin console to map SSL certificates to entries in the LDAP user registry. Secondly, you create a unique SSL configuration for each endpoint address for which you want to use client SSL authentication. Do not use the default SSL configuration for the bus.
- Administrative security is enabled. See Enable security.
- A stand-alone LDAP user registry has been configured for storing user and group IDs.
To access the user registry, know a valid user ID that has the administrative role, and password, the server host and port of the registry server, and the base distinguished name (DN). See Configure LDAP user registries.
- Bus security is enabled. See Disable bus security.
- JMS client applications have been configured to authenticate by using client SSL certificates.
Procedure
- Use the admin console to define certificate filters to map an SSL certificate to an entry in the LDAP server. See Create an SSL configuration. The client SSL certificate is mapped to a user ID in the user registry.
- Create a separate SSL configuration file for each endpoint address for server, bus member or cluster on the bus, and select that client authentication is required. See Create an SSL configuration
Results
The bus is configured to allow client SSL authentication.
What to do next
Connect JMS client applications can now authenticate to the bus using client SSL certificates.