Securing Communication Channels
By default, the communication channels between the ActiveMatrix BPM components and third-party applications are not secure. However, you can secure them using the SSL protocol.
The TIBCO ActiveMatrix BPM platform is partitioned across many components. These components communicate with each other and with third-party applications over various communication protocols. The components and communication channels are illustrated in the following figure.
By default, these communication channels are not secure. However, they can be secured by configuring the channels to use the Secure Sockets Layer (SSL) protocol. SSL is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks. SSL encrypts the segments of point-to-point connections at the Transport Layer.
An SSL client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters to establish the connection's security. The handshake begins when a client connects to an SSL-enabled server requesting a secure connection. The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA) that issued it, and the server's public encryption key.
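A client-side check for a channel once SSL has been enabled, as an added example (not TIBCO code): it performs the handshake described above with certificate and hostname verification, then reports the server names and issuing CA taken from the server's certificate. The host, port, CA file and the sample certificate values are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def make_client_context(ca_file=None):
    """Client context that authenticates the server before any data is sent."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


def _flat(rdns):
    """Flatten the nested RDN tuples of a getpeercert() name into a dict."""
    return {key: value for rdn in rdns for (key, value) in rdn}


def summarize_cert(cert, now=None):
    """Reduce a getpeercert() dict to the fields the handshake text mentions."""
    subject, issuer = _flat(cert.get("subject", ())), _flat(cert.get("issuer", ()))
    names = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "server_names": names or [subject.get("commonName")],
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "days_left": (expires - (now or datetime.now(timezone.utc))).days,
        "self_signed": subject == issuer,
    }


def probe(host, port, ca_file=None, timeout=5.0):
    """Handshake with host:port; raises ssl.SSLError if the server is not trusted."""
    ctx = make_client_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"], info["cipher"] = tls.version(), tls.cipher()[0]
            return info


# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "bpm.example.internal"),),),
    "issuer": ((("organizationName", "Example Internal CA"),), (("commonName", "Example Issuing CA"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "bpm.example.internal"), ("DNS", "bpm-node1.example.internal")),
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
```

Calling probe() against an endpoint that still speaks plain TCP, or that presents a certificate the CA file does not cover, raises an exception instead of returning a summary.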
You can specify the SSL configuration of the communication channels at various times in the life cycle of a TIBCO ActiveMatrix BPM enterprise. The following table lists how to perform the initial SSL configuration and how to upgrade, downgrade, and change the configuration of each channel. Detailed steps for each procedure are provided in Configuring ActiveMatrix BPM Runtime Objects (TIBCO Configuration Tool) and TIBCO ActiveMatrix BPM - SOA Administration.