Previous Topic: Configure CA ControlMinder Enterprise Management for SSL CommunicationNext Topic: Configure the Servers to Use an Identical Encryption Key

Implementation GuideChanging Communication Encryption MethodsSSL, Authentication, and CertificatesMessage Queue Server SSL Port Numbers

Message Queue Server SSL Port Numbers

When you install CA ControlMinder Enterprise Management, the Message Queue Server is configured with the default SSL communication port numbers. You can modify the port numbers after you installed CA ControlMinder Enterprise Management, for example, to prevent unauthorized access from well-known ports.

Example: Modifying the Message Queue Server SSL Port Numbers

The following example explains how to modify the Message Queue Server SSL port numbers from the default port numbers.

To modify the Message Queue Server SSL Port Numbers

Note: Stop all the CA ControlMinder services or daemons before you modify the Message Queue Server settings.

  1. In the CA ControlMinder Enterprise Management Server, navigate to the following directory: 
    ACServer_InstallDir/AccessControlServer/MessageQueue/tibco/ems/bin
  2. Open the routes.conf file for editing.
  3. Locate the entry [PR_DMS_SERVER] and modify the port number value at the url field. For example: 
    url	= ssl://PR_DMS_SERVER:7777
  4. Open the tibemsd.conf file for editing.
  5. Locate the entry listen ports and modify the port number. For example: 
    listen = ssl://7777
  6. Open the tibcoems-service.xml file for editing.
  7. Locate the section <!-- The JMS provider loader --> and modify the port number at the java.naming.provider.url line. For example: 
    java.naming.provider.url=tibjmsnaming://localhost:7777
  8. Open the factories.conf file for editing.
  9. Locate the following sections: [SSLQueueConnectionFactory], [SSLTopicConnectionFactory], [SSLXAQueueConnectionFactory] and modify the port number at the url field. For example: 
    [SSLQueueConnectionFactory]
  type                     = queue
  url                      = ssl://7777
  ssl_verify_host          = disabled

    [SSLTopicConnectionFactory]
  type                     = topic
  url                      = ssl://7777
  ssl_verify_host          = disabled

    [SSLXAQueueConnectionFactory]
  type                     = xaqueue
  url                      = ssl://7777
  ssl_verify_host          = disabled
  10. Locate the following entry: org.jboss.naming.NamingAlias and modify the port number. For example: 
    tibjmsnaming://localhost:7777
  11. Start the CA ControlMinder services.

    The Message Queue Server SSL port numbers are now modified as required.