The Java Virtual Machine determines which secure layer (SSL/TLS version) is used. The FIXICC package includes and runs on JRE 1.8.x, and Java 8 uses TLS 1.2 by default.
SSL/TLS between FIXICC UI and FIXICC Agent
TrustStore and keyStore
To set up an SSL/TLS connection between two Java applications you need a TrustStore and a KeyStore. Keystores are a special Java storage for private keys, public keys and certificates.
Here is an example of how to create these stores with keytool, which is part of the J2SE SDK (http://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html)
- Create KeyStore.
keytool -keystore fixiccKeystore.key -genkey -alias fixicc
The program will ask for the certificate owner information and a password. Enter 112233, or your own password, as the KeyStore password.
After this command you will have the keystore file in the working directory.
This file can be used both as a KeyStore and as a TrustStore. In the next steps we will export the certificate from this KeyStore and create a TrustStore containing it. You can skip the next steps and use fixiccKeystore.key as the TrustStore.
- Export certificate
keytool -export -keystore fixiccKeystore.key -alias fixicc -rfc -file fixicc.cer
Enter 112233, or your own password, as the KeyStore password.
- Create TrustStore
keytool -import -file fixicc.cer -alias fixiccUI -keystore fixiccTrustStore.key
Enter 112233, or your own password, as the TrustStore password.
After this command you will have a keystore file in the working directory, which we will use as the TrustStore in FIXICC UI.
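The three keytool steps above as a non-interactive script, followed by a check that the TrustStore handed to FIXICC UI holds only the certificate and not the private key (the KeyStore file holds both). This is an added example, not part of the FIXICC documentation; the function names, the STOREPASS variable and the -dname value are assumptions made for illustration.

```shell
# Added example, not FIXICC code. Assumes keytool is on PATH and the store
# password is in the STOREPASS environment variable; the -dname value is a
# constructed placeholder. File names and aliases are the ones used above.

# build_stores DIR: create the KeyStore, export its certificate and import
# that certificate into a separate TrustStore, all without prompts.
build_stores() {
    dir=$1
    [ -n "$STOREPASS" ] || { echo "STOREPASS is not set" >&2; return 1; }
    export STOREPASS
    # -storepass:env reads the password from the environment, so it does not
    # show up in the process list. RSA is requested explicitly because the
    # keytool default key algorithm depends on the JDK version.
    keytool -genkeypair -alias fixicc -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=fixicc-agent.example.test" \
        -keystore "$dir/fixiccKeystore.key" \
        -storepass:env STOREPASS -keypass:env STOREPASS >/dev/null 2>&1 || return 1
    keytool -exportcert -alias fixicc -rfc -file "$dir/fixicc.cer" \
        -keystore "$dir/fixiccKeystore.key" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1
    keytool -importcert -noprompt -alias fixiccUI -file "$dir/fixicc.cer" \
        -keystore "$dir/fixiccTrustStore.key" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1
}

# count_entries STORE TYPE: print how many entries of TYPE
# (PrivateKeyEntry or trustedCertEntry) keytool lists in STORE.
count_entries() {
    keytool -list -keystore "$1" -storepass:env STOREPASS 2>/dev/null |
        grep -c "$2" || true
}

# holds_only_certificates STORE: succeeds when STORE has at least one trusted
# certificate and no private key, which is what the UI side needs.
holds_only_certificates() {
    [ "$(count_entries "$1" PrivateKeyEntry)" -eq 0 ] &&
        [ "$(count_entries "$1" trustedCertEntry)" -ge 1 ]
}
```

Source the file, set STOREPASS, then run `build_stores .` followed by `holds_only_certificates fixiccTrustStore.key`; the same check fails for fixiccKeystore.key because that file carries the private key.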
Enabling SSL/TLS on FIXICC Agent side
To enable SSL/TLS on FIXICC Agent, add the AgentServerEnableSSL=true parameter to agent.properties.
You also need to define your KeyStore in the additional JVM parameters. To do this, add two parameters to wrapper.conf.
For example, the KeyStore is named fixiccKeystore.key and the file has been added to the conf directory.
[optional] You can enable SSL/TLS debugging in the JVM.
After setting up the configuration you need to restart FIXICC Agent. Check the log file and make sure that FIXICC Agent started without errors.
Enabling SSL/TLS on FIXICC UI side
To enable SSL/TLS on FIXICC UI, add the enableSSL=true parameter to fixengine.properties.
You also have to define your TrustStore in the additional JVM parameters. To do this, add two options to the 'default_options' parameter in fixicc.conf.
For example, the TrustStore is named fixiccTrustStore.key and the file is in the etc directory.