Configuring Transport Layer Security for Eclipse Amlen resource adapter by using customized security configuration options

Configure a secure connection between Eclipse Amlen and the Eclipse Amlen RA running on WebSphere® Application Server.

On Eclipse Amlen, ensure that you configure your security profile and policies on the endpoint that you are using to accept WebSphere Application Server connections. The security profile defines the Transport Layer Security (TLS) that is applied to an endpoint. Ensure that you know which port or ports on the Eclipse Amlen can be accessed from the WebSphere Application Server.

If you want to use a non-default security configuration, ensure that this security configuration is created and configured. For more information about creating a security configuration for WebSphere Application Server, see Creating a Secure Sockets Layer configuration.

If you want to use a non-default secure socket factory, you must ensure that the class that you use is accessible to the Eclipse Amlen RA. Depending upon the class location, you might need to add the class to the class path specified under Resources > Resource adapters > IBM Watson IoT Platform - Message Gateway resource adapter.

In addition to the required setting of tcps for protocol, the two following optional configuration settings that you can use to customize the security configuration for the Eclipse Amlen RA. You can use either or both of these security configuration settings. If protocol is not set to tcps, then these optional settings are ignored.

securityConfiguration: This value is required if you are using a non-default security configuration.
securitySocketFactory: This value is required if you are using a non-default security socket factory class.

To use secure connections in the Eclipse Amlen RA, complete the following steps in the WebSphere Application Server administrative console.

Choose to configure security for inbound connections, or outbound connections, or both.

For inbound connections, set the value of protocol in the activation specification. The activation specification is associated with one or more message-driven beans (MDBs) and provides the configuration necessary for these MDBs to receive messages.
1. Click Resources > Resource adapters > J2C activation specifications > activation_specification_name.
2. Click the J2C activation specification custom properties link.
3. Set the protocol configuration value to tcps.
4. Set the securitySocketFactory configuration value. Set the securitySocketFactory configuration value only if you want to use a security socket factory other than the application server default factory.
5. Set the securityConfiguration configuration value. Set the securityConfiguration configuration value only if you want to use a security configuration other than the application server default configuration.
  Note: When set, the securityConfiguration value is passed as a string argument to the security socket factory constructor. If the factory does not provide a constructor that takes a single string argument, then connection creation fails.
For outbound connections, set the value of protocol in the appropriate connection factory configuration. The WebSphere Application Server uses connection factories to create connections to Eclipse Amlen.
1. Click Resources > Resource adapters > J2C connection factories > connection_factory_name.
2. Click the Custom properties link.
3. Set the protocol configuration value to tcps.
4. Set the securitySocketFactory configuration value. Set the securitySocketFactory configuration value only if you want to use a security socket factory other than the application server default factory.
5. Set the securityConfiguration configuration value. Set the securityConfiguration configuration value only if you want to use a security configuration other than the application server default configuration.
  Note: When set, the securityConfiguration value is passed as a string argument to the security socket factory constructor. If the factory does not provide a constructor that takes a single string argument, then connection creation fails.