Step 1: Server Certificate - Generate Key
To create the certificate ,can use a command line utility tool called 'keytool' This tool will get with jdk/jre.
“C:\Program Files\Java\jre1.6.0_02\bin” as keytool or it is available in tibco folder while installation of TIBCO software
Generate key, Export key commands for HTTPS Server and Import key command is for HTTPS Client.
The command for generate key is
keytool -genkey -alias server-alias -keyalg RSA -keypass <KeyPassword> -storepass <StoresPassword> -keystore keystoreCerts.jks
The command for export public key.
keytool -export -alias server-alias -storepass <StoresPassword> -file server.cer -keystore keystoreCerts.jks
keystoreCerts.jks is name of the file which acts as repository of keys, This key will be publish to the world by server.cer which can give this file to anyone who wants to connect to your server
Step 2: Install key at server side- Identity
Create an Identity in your BW project. Choose type “Identity file”. Provide URL as path to keystoreCerts.jks.
Give the file type 'JKS' and password. Save the server identity.
This is the HTTPS configuration for Server Side
Step 3: Importing the certificate and installing it at client side - Import the key
Get the server.cer from the server authority which is publicly available.
The command for import public key
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass <Keypassword> -storepass <StoresPassword>
As this command succeeds, you will have public key imported in the local keystore cacerts.jks
Step 4: Install key at client side- Identity
Create an identity i.e. client identity using file cacerts.jks.
Certificate in PEM format. In the BW project import the public certificate using Tools>Trusted Certificates>Import into PEM format.
Create 'HTTP send Request' and use SSL.
This is the HTTPS configuration for client Side
Note : By deafault expiry date for these certs are 3 months only So can change the validity of the Certs expiry date by adding a"- validity" token in genkey command .Example shown in below.
Example :
open the command prompt and go to the java Key Tool path "C:\Program Files\Java\jre1.5.0_15\bin"
Fire these below commands and can show the certs in same path "C:\Program Files\Java\jre1.5.0_15\bin"
keytool -genkey -alias server-alias -keyalg RSA -validity 365 -keypass ExampleKey1234 -storepass ExampleKey1234 -keystore ExampleKeystoreCerts.jks
keytool -export -alias server-alias -storepass ExampleKey1234 -file ExampleServer.cer -keystore ExampleKeystoreCerts.jks
keytool -import -v -trustcacerts -alias server-alias -file ExampleServer.cer -keystore cacerts.jks -keypass ExampleKey1234 -storepass ExampleKey1234
Note : By deafault expiry date for these certs are 3 months only So can change the validity of the Certs expiry date by adding a"- validity" token in genkey command .Example shown in below.
Example :
open the command prompt and go to the java Key Tool path "C:\Program Files\Java\jre1.5.0_15\bin"
Fire these below commands and can show the certs in same path "C:\Program Files\Java\jre1.5.0_15\bin"
keytool -genkey -alias server-alias -keyalg RSA -validity 365 -keypass ExampleKey1234 -storepass ExampleKey1234 -keystore ExampleKeystoreCerts.jks
keytool -export -alias server-alias -storepass ExampleKey1234 -file ExampleServer.cer -keystore ExampleKeystoreCerts.jks
keytool -import -v -trustcacerts -alias server-alias -file ExampleServer.cer -keystore cacerts.jks -keypass ExampleKey1234 -storepass ExampleKey1234
