SSLDOC - Cloudfront.net
Creating Certificate and Identity file for SSL Connection
Step 1: Creating Certificate and Public key.
We will learn to create our own certificates and identity file with "keytool", which we can use in our SSL TIBCO
projects. With it we can generate a .jks file holding the public key and private key for an SSL connection.
To create the certificate, use the tool called 'keytool', which ships with the JDK/JRE.
It is a command-line utility.
Command For Generating JKS File
Below is the command to create a .jks file which will have both public key and private key.
keytool -genkey -alias server-alias -keyalg RSA -keypass yourpassword -storepass yourpassword -keystore keystore.jks
Short summary:
-alias gives a name to your key. It should be unique for its purpose.
-keyalg is the algorithm of the generated key pair (here RSA).
-keypass is the password that protects the private key.
-storepass is the password that protects keystore.jks.
keystore.jks is the name of the file that acts as the repository for keys.
After typing this command, you will be asked for the details of the JKS file; enter them as appropriate.
At the end, your key, called server-alias, will be stored in the repository keystore.jks.
This entry in keystore.jks will have the public as well as the private key.
You now need to publish the public key to the world.
Use the following command to extract the public key from the entry you created earlier.
keytool -export -alias server-alias -storepass yourpassword -file server.cer -keystore keystore.jks
The certificate, which carries the public key, will be stored in the file named server.cer.
This file should be used by the person who wants to connect to your server.
Only server.cer is handed out; keystore.jks contains the private key and stays on the server.
1.2 Creating Identity file.
1.2.1 Identity
You have your public/private key pair with you.
Create an Identity in your BW project.
Choose type Identity file. Provide URL as path to your_keystore.jks.
Give the file type 'JKS' and password.
Save the identity.
1.2.2 HTTP Connection.
Create an HTTP Connection and use SSL.
Configure SSL with the identity and certificate folder you have created in 1.2.1.
This step does not include instructions to enable client authentication.
This is enough for the server side.
Step 2: Importing the certificate to be used at client side.
2.1 Import the key
Get the server.cer from the server authority, which is publicly available.
Import the public key into your trust store (the Certificate folder in TIBCO Designer).
Certificate in PEM format
In the BW project, import the public certificate via Tools > Trusted Certificates > Import into PEM format.
It is always advisable to keep the certificates in a separate folder to skip unnecessary processing.
2.2 Install in TIBCO BW
We can use the same Identity file that we used in the HTTP Connection in the SOAP Request Reply SSL
Configuration.
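The keytool steps above in non-interactive form, with a fingerprint check before the client trusts server.cer. This is an added example, not part of the original page; the KS_PASS variable, the CN, and the -keysize, -validity and -storetype values are assumptions chosen for illustration.

```bash
#!/bin/sh
# Added example: the page's keytool steps, with the password kept off the
# command line and a fingerprint check on the client side.
# Assumed (not from the page): KS_PASS, the CN, -keysize, -validity, -storetype.
set -eu

# Server side: create the key pair. The password is read from the KS_PASS
# environment variable, so it does not appear in argv or shell history.
# -storetype JKS matches the 'JKS' file type selected in the BW identity.
make_keystore() {        # $1 = keystore file
    keytool -genkey -alias server-alias -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=bw-server.example.test" \
        -storetype JKS -keystore "$1" \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

# Server side: export the certificate only (no private key).
# -rfc writes PEM text instead of keytool's default binary DER.
export_cert() {          # $1 = keystore file, $2 = output certificate
    keytool -export -rfc -alias server-alias -keystore "$1" \
        -storepass:env KS_PASS -file "$2"
}

# SHA-256 fingerprint of the keystore entry (what the server owner publishes).
keystore_fingerprint() { # $1 = keystore file
    keytool -list -v -alias server-alias -keystore "$1" \
        -storepass:env KS_PASS | sed -n 's/^[[:space:]]*SHA256: //p'
}

# SHA-256 fingerprint of a certificate file (what the client computes).
cert_fingerprint() {     # $1 = certificate file
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: //p'
}

# Client side: accept the file only if it matches the fingerprint obtained
# from the server owner over a separate channel. Fails on an empty result.
verify_cert() {          # $1 = certificate file, $2 = expected fingerprint
    actual=$(cert_fingerprint "$1")
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}
```

Export KS_PASS before calling make_keystore, and run verify_cert on the received server.cer before importing it into the Trusted Certificates folder.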
TIBCO TRIVIA
About TIBCO Messaging Appliance P-7500:
TIBCO Messaging Appliance P-7500 is an out-of-the-box RV appliance. A single appliance is
able to replace ten or more existing servers running TIBCO Rendezvous daemons and
support up to 6,000 client connections on heterogeneous networks. It does this by
communicating directly with the TIBCO Rendezvous clients via TCP/IP and bypassing
any multicast transmission issues.