Java Virtual Machine determines which secure layer to use. FIXICC package includes and runs on JRE 1.8.x. Java 8 by default uses TLS 1.2
SSL/TLS between FIXICC UI and FIXICC Agent
TrustStore and keyStore
In order to define SSL/TLS connection between two java application, you need to have TrustStore and KeyStore. Keystores are a special java storage for private and public keys and certificates.
Here is an example of how to create these storages by using keytool that is part of J2SE SDK(http://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html)
The program will ask for certificate owner information and password, enter 112233 as the password or own for KeyStore
After this command, you will have a keystore file in the working directory.
This file can be used as a KeyStore and as a TrustStore. In next steps, we will export certificate from this KeyStore and will create TrustStore with this certificate. You can skip next steps and use fixiccKeystore.key as TrustStore.
Enter 112233 as the password or your password for KeyStore
Enter 112233 as the password or your password for TrustStore
After this command, you will have a keystore file in the working directory that we will use as TrustStore in FIXICC UI.
Enabling SSL/TLS on FIXICC Agent side
To enable SSL/TLS FIXICC Agent it is required to add AgentServerEnableSSL=true parameter to agent.properties.
Also, you need to define your keyStore in additional JVM parameters. To do it you can add two parameters to wrapper.conf.
For example, keyStore has name fixiccKeystore.key and this file has been added to conf directory.
\[optional\] you can enable debugging SSL/TLS in JVM
After set up configuration you need restart FIXICC Agent. Please check the log file and make sure that the FIXICC Agent started without errors.
Enabling SSL/TLS on FIXICC UI side
To enable SSL/TLS FIXICC UI it needs to add enableSSL=true parameter to fixengine.properties.
Also, you have to define your TrustStore in additional JVM parameters. To do it you can add two options to 'default_options' parameter in fixicc.conf
For example, TrustStore has name fixiccTrustStore.key and this file is in etc directory.