SSL certificates configuration in Tibco AMBW for HTTPS ?

Step 1: Server Certificate - Generate Key

To create the certificate ,can use a command line utility tool called 'keytool'  This tool will get  with jdk/jre.

“C:\Program Files\Java\jre1.6.0_02\bin” as keytool or it is available in tibco folder while installation of TIBCO software

Generate key, Export key commands for HTTPS Server and  Import key command is for HTTPS Client.

The command for generate key is

keytool -genkey -alias server-alias -keyalg RSA -keypass <KeyPassword> -storepass <StoresPassword> -keystore keystoreCerts.jks

The command for export public key.

keytool -export -alias server-alias -storepass <StoresPassword>  -file server.cer -keystore keystoreCerts.jks

keystoreCerts.jks is name of the file which acts as repository of keys, This key will be publish to the world by server.cer which can give this file to anyone who wants to connect to your server

Step 2: Install key at server side- Identity

Create an Identity in your BW project. Choose type “Identity file”. Provide URL as path to keystoreCerts.jks.
Give the file type 'JKS' and password. Save the server identity.

This is the HTTPS configuration for Server Side

Step 3: Importing the certificate and installing it at client side - Import the key

Get the server.cer from the server authority which is publicly available.

The command for import  public key

keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass <Keypassword> -storepass <StoresPassword>

As this command succeeds, you will have public key imported in the local keystore cacerts.jks

Step 4: Install key at client side- Identity

Create an identity i.e. client identity using file cacerts.jks.
Certificate in PEM format. In the BW project import the public certificate using Tools>Trusted Certificates>Import into PEM format.

Create 'HTTP send Request' and use SSL.

This is the HTTPS configuration for client Side
Note : By deafault expiry date for these certs are 3 months only So can change the validity of the Certs  expiry date by adding a"- validity" token in genkey command .Example shown in below.

Example :
open the command prompt and go to the java Key Tool path "C:\Program Files\Java\jre1.5.0_15\bin"
 Fire these below commands and can show the certs in same path "C:\Program Files\Java\jre1.5.0_15\bin"

keytool -genkey -alias server-alias -keyalg RSA -validity 365 -keypass ExampleKey1234 -storepass ExampleKey1234 -keystore ExampleKeystoreCerts.jks
keytool -export -alias server-alias -storepass ExampleKey1234  -file ExampleServer.cer -keystore ExampleKeystoreCerts.jks
keytool -import -v -trustcacerts -alias server-alias -file ExampleServer.cer -keystore cacerts.jks -keypass ExampleKey1234 -storepass ExampleKey1234

  © Blogger templates The Professional Template by Ourblogtemplates.com 2008

Back to TOP