Enabling Secure Communication Channels Using Command-Line Scripts

You can use CLI scripts to enable secure communication channels for the HTTP connector, external database, database authentication realm, and LDAP authentication realm.

Prerequisites

Edit the file TIBCO_HOME/administrator/version/scripts/bootstrap-edit-build.properties. Specify appropriate values for the following properties:
  • instance.properties.file - the location of the remote_props.properties file.
  • tibco.config.mgmt.home - the folder containing runtime object configuration, referred to as CONFIG_HOME.
  • admin.enterprise.name - the enterprise name.
  • admin.instance.name - the name of the Administrator server instance.

Follow these procedures to enable SSL for the listed components.

HTTP Connector

Procedure

  1. Edit the data file for the HTTP connector. The file is located at TIBCO_HOME/administrator/version/scripts/edit-httpconnector-data.xml.
    1. Update the serverBaseUrl attribute to point to the correct host and port. Make sure the https prefix is used.
    2. Uncomment the SSLConfig element.
    3. Specify valid keystore details.
  2. From the command-line prompt, navigate to the TIBCO_HOME/administrator/version/scripts folder.
  3. Run the ant script with the command line ant -f bootstrap-edit-build.xml edit-httpconnector.

Result

You will see the sequence in which the resources are redeployed. Lastly the SystemNode is restarted.

External Database

Procedure

  1. If moving from a different database, use the database-specific migration tools to export or import existing data to the new database.
  2. Edit the data file for the application database. The file is located at TIBCO_HOME/administrator/version/scripts/edit-external-database-data.xml.
    1. Uncomment the SSLConfig element and specify valid keystore details.
    2. Set the sslJNDIName to the value of the SSLConfig > SSLClientResource > name field.
    3. Add the attribute sslJNDIName to the element JdbcResourceTemplate which is a child of AppDatabaseDetails.
  3. From the command-line prompt, navigate to the TIBCO_HOME/administrator/version/scripts folder.
  4. Run the ant script with the command line ant -f bootstrap-edit-build.xml edit-external-database.

Result

You will see the sequence in which the resources are redeployed. Lastly the SystemNode is restarted.

Database Authentication Realm

Procedure

  1. If moving from a different database, use the database-specific migration tools to export or import existing data to the new database.
  2. Edit the data file for the database realm database. The file is located at TIBCO_HOME/administrator/version/scripts/edit-authrealm-external-database-data.xml.
    1. Uncomment the SSLConfig element and specify valid keystore details.
    2. Set the sslJNDIName to the value of the SSLConfig > SSLClientResource > name field.
    3. Add the attribute sslJNDIName to the JdbcResourceTemplate element.
  3. From the command-line prompt, navigate to the TIBCO_HOME/administrator/version/scripts folder.
  4. Run the ant script with the command line ant -f bootstrap-edit-build.xml edit-inprocess-database.

Result

You will see the sequence in which the resources are redeployed. Lastly the SystemNode is restarted.
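
A pre-flight check for the two database procedures above (External Database and Database Authentication Realm), added here as an example and not part of the TIBCO scripts: it confirms that SSLConfig is uncommented and that sslJNDIName on JdbcResourceTemplate matches the SSLClientResource name before the ant target is run. The sample XML is constructed, and its layout (nesting, name as an attribute) is an assumption; only the element and attribute names come from this page.

```python
import re
import xml.etree.ElementTree as ET

def _find(root, name):
    # Match on local name so the check works with or without XML namespaces.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_db_ssl(xml_text):
    """Return a list of problems in a database data file; empty means consistent."""
    root = ET.fromstring(xml_text)  # the default parser discards comments
    ssl_cfg = _find(root, "SSLConfig")
    if not ssl_cfg:
        # Tell "never uncommented" apart from "not there at all".
        commented = re.search(r"<!--(?:(?!-->).)*?<(?:\w+:)?SSLConfig\b", xml_text, re.S)
        return ["SSLConfig is still commented out" if commented
                else "SSLConfig element is missing"]
    problems = []
    resources = _find(ssl_cfg[0], "SSLClientResource")
    name = resources[0].get("name") if resources else None  # assumed: name is an attribute
    if not name:
        problems.append("SSLClientResource has no name")
    templates = _find(root, "JdbcResourceTemplate")
    if not templates:
        problems.append("no JdbcResourceTemplate element found")
    for tpl in templates:
        jndi = tpl.get("sslJNDIName")
        if jndi is None:
            problems.append("JdbcResourceTemplate has no sslJNDIName attribute")
        elif name and jndi != name:
            problems.append(f"sslJNDIName '{jndi}' does not match SSLClientResource name '{name}'")
    return problems

# Constructed sample input; the real data file layout may differ.
TEMPLATE = """<Data>
  <AppDatabaseDetails>
    <JdbcResourceTemplate name="appdb" {attr}/>
  </AppDatabaseDetails>
  {open}<SSLConfig>
    <SSLClientResource name="ssl_appdb"/>
  </SSLConfig>{close}
</Data>"""

def sample(attr="", commented=False):
    return TEMPLATE.format(attr=attr, open="<!--" if commented else "",
                           close="-->" if commented else "")

if __name__ == "__main__":
    for label, doc in [("SSLConfig commented", sample(commented=True)),
                       ("attribute not added", sample()),
                       ("wrong name", sample('sslJNDIName="ssl_old"')),
                       ("complete", sample('sslJNDIName="ssl_appdb"'))]:
        print(f"{label}: {check_db_ssl(doc) or 'OK'}")
```

A mismatch between sslJNDIName and the SSLClientResource name is worth catching before the redeploy, since the JDBC resource would then not reference the SSL client resource the file defines.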

LDAP Authentication Realm

Procedure

  1. Edit the data file for the LDAP authentication realm. The file is located at TIBCO_HOME/administrator/version/scripts/edit-authrealm-ldap-data.xml.
    1. Uncomment the SSLConfig element and specify valid keystore values.
    2. Make sure the LDAP URL has the ldaps:// prefix.
  2. From the command-line prompt, navigate to the TIBCO_HOME/administrator/version/scripts folder.
  3. Run the ant script with the command line ant -f bootstrap-edit-build.xml edit-authrealm-ldap.

Result

You will see the sequence in which the resources are redeployed. Lastly the SystemNode is restarted.