
General info

The Java Virtual Machine determines which secure layer to use. The FIXICC package includes and runs on JRE 1.8.x. Java 8 uses TLS 1.2 by default.

SSL/TLS between FIXICC UI and FIXICC Agent

TrustStore and keyStore

To set up an SSL/TLS connection between two Java applications you need a TrustStore and a KeyStore. Keystores are a special Java storage for private and public keys and certificates.

Here is an example of how to create these stores using keytool, which is part of the J2SE SDK (http://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html).

  1. Create the KeyStore.
    keytool -keystore fixiccKeystore.key -genkey -alias fixicc
    The program will ask for certificate owner information and a password; enter 112233 or your own password for the KeyStore.
    After this command you will have a keystore file in the working directory.
    This file can be used both as a KeyStore and as a TrustStore. In the next steps we export the certificate from this KeyStore and create a TrustStore containing it. You can skip the next steps and use fixiccKeystore.key as the TrustStore.

  2. Export the certificate.
    keytool -export -keystore fixiccKeystore.key -alias fixicc -rfc -file fixicc.cer
    Enter 112233 or your own password for the KeyStore.

  3. Create the TrustStore.
    keytool -import -file fixicc.cer -alias fixiccUI -keystore fixiccTrustStore.key
    Enter 112233 or your own password for the TrustStore.
    After this command you will have a keystore file in the working directory that we will use as the TrustStore in FIXICC UI.

Enabling SSL/TLS on FIXICC Agent side

To enable SSL/TLS on the FIXICC Agent, add the AgentServerEnableSSL=true parameter to agent.properties.

You also need to define your KeyStore in additional JVM parameters. To do this, add two parameters to wrapper.conf.

For example, if the KeyStore is named fixiccKeystore.key and the file has been added to the conf directory:

wrapper.java.additional.1=-Djavax.net.ssl.keyStore=${wrapper_home}/conf/fixiccKeystore.key
wrapper.java.additional.2=-Djavax.net.ssl.keyStorePassword=112233

[optional] You can enable SSL/TLS debugging in the JVM:

wrapper.java.additional.3=-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
wrapper.java.additional.4=-Djavax.net.debug=ssl

After setting up the configuration you need to restart the FIXICC Agent. Check the log file and make sure that the FIXICC Agent started without errors.

Enabling SSL/TLS on FIXICC UI side

To enable SSL/TLS on the FIXICC UI, add the enableSSL=true parameter to fixengine.properties.

You also have to define your TrustStore in additional JVM parameters. To do this, add two options to the 'default_options' parameter in fixicc.conf.

For example, if the TrustStore is named fixiccTrustStore.key and the file is in the etc directory:

default_options="<OTHER_PARAMETERS> -J-Djavax.net.ssl.trustStore=etc/fixiccTrustStore.key -J-Djavax.net.ssl.trustStorePassword=112233"
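
A configuration check for the settings described above, as an added example that is not part of the FIXICC distribution or the original page: it verifies that both sides enable SSL and define their store options, and flags the sample password 112233, the optional javax.net.debug switch, and configuration files accessible to other users. The function names, the file-permission policy and the sample files written by make_sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code: audits the FIXICC TLS settings from this page.
# Usage: check_fixicc_tls AGENT_PROPS WRAPPER_CONF UI_PROPS UI_CONF
# Prints one "FINDING:" line per problem; returns 0 only when there are none.

# prop FILE KEY: value of the last "KEY=value" line that is not commented out.
prop() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# jvm_opt FILE NAME: value of -DNAME=value (also matches the -J-DNAME=value form).
jvm_opt() {
    grep -v '^[[:space:]]*#' "$1" | sed -n "s/.*-D$2=\([^\" ]*\).*/\1/p" | tail -n 1
}

report() { echo "FINDING: $*"; findings=$((findings + 1)); }
check_fixicc_tls() {
    findings=0
    [ "$(prop "$1" AgentServerEnableSSL)" = true ] || report "AgentServerEnableSSL is not true in $1"
    [ "$(prop "$3" enableSSL)" = true ] || report "enableSSL is not true in $3"
    # The Agent needs the keyStore options, the UI the trustStore options.
    for spec in "$2:keyStore" "$4:trustStore"; do
        file=${spec%:*} store=${spec##*:}
        [ -n "$(jvm_opt "$file" "javax.net.ssl.$store")" ] ||
            report "no -Djavax.net.ssl.$store in $file"
        pass=$(jvm_opt "$file" "javax.net.ssl.${store}Password")
        [ -n "$pass" ] || report "no -Djavax.net.ssl.${store}Password in $file"
        # 112233 is the sample password used throughout the page.
        [ "$pass" != 112233 ] || report "$file still uses the sample password 112233"
        # Clear-text password in the file: no access for "other" is an assumed policy.
        [ "$(ls -l "$file" | cut -c8-10)" = "---" ] ||
            report "$file holds a store password but is accessible to other users"
    done
    # javax.net.debug=ssl is the page's optional debugging switch.
    [ -z "$(jvm_opt "$2" javax.net.debug)" ] || report "javax.net.debug is enabled in $2"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the page's snippets written into directory $1.
make_sample() {
    echo 'AgentServerEnableSSL=true' > "$1/agent.properties"
    echo 'enableSSL=true' > "$1/fixengine.properties"
    printf '%s\n' \
        'wrapper.java.additional.1=-Djavax.net.ssl.keyStore=${wrapper_home}/conf/fixiccKeystore.key' \
        'wrapper.java.additional.2=-Djavax.net.ssl.keyStorePassword=112233' \
        'wrapper.java.additional.4=-Djavax.net.debug=ssl' > "$1/wrapper.conf"
    echo 'default_options="-J-Djavax.net.ssl.trustStore=etc/fixiccTrustStore.key -J-Djavax.net.ssl.trustStorePassword=112233"' > "$1/fixicc.conf"
    chmod 600 "$1/wrapper.conf" "$1/fixicc.conf"
}

d=$(mktemp -d) && make_sample "$d"   # demo run on the constructed sample
check_fixicc_tls "$d"/agent.properties "$d"/wrapper.conf "$d"/fixengine.properties "$d"/fixicc.conf || :; rm -rf "$d"
```

To audit a real installation, call check_fixicc_tls with the paths of your own agent.properties, wrapper.conf, fixengine.properties and fixicc.conf.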

 
