Creating a Keystore Containing the Security Credentials to Run the Business Process

The credentials that will be used to run the business process must be defined in a keystore that is available to the BPM runtime.

Note: If you do not have access to the BPM runtime you will need to get an administrator to perform this step for you.

Procedure

  1. Log in to the BPM runtime.
  2. Using a text editor, open the file:
          BPM_CONFIG_FOLDER\tibco\data\admin\enterpriseName\samples\keystore_data.xml

    where:

    • BPM_CONFIG_FOLDER is the path of the TIBCO configuration folder created when the BPM runtime was installed.
    • enterpriseName is the enterprise name specified for the Administrator Server when the BPM runtime was installed. (The default value is AMX BPM.)

      For example:

            C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples\keystore_data.xml
  3. Delete the existing CredentialEntry elements.
  4. Add a new CredentialEntry element that defines:
    • the username (username) and password (secret) of the credentials that will be used to run the business process.
    • the alias (alias) and associated password (protectionParam) that will be used to access these credentials.

      For example:

      <AMXKeyStore xsi:type="amxdata:AMXKeyStore">
         <CredentialEntry alias="myKeystore" protectionParam="myKeyStoreAliasPassword"
            username="sysUser" secret="sysUserPassword" />
      </AMXKeyStore>
  5. Save the file.
  6. Open the BPM_CONFIG_FOLDER\tibco\data\admin\enterpriseName\samples\keystore_build.xml file and edit the following entries:
    • adminKeyStorelocation - the name of the file that will contain the keystore.
    • adminKeyStorePassword - the password that will be required to access the keystore file.

      For example:

      <project name="keystore_build" default="all">
          <!-- This property lets you safely define all paths relative to the absolute location of this Ant file. -->
          <dirname property="admin.samples.directory" file="${ant.file.keystore_build}"/>
          <!-- This import defines the custom AMXKeyStoreTask. -->
          <import file="${admin.samples.directory}/admin-scripts-base.xml"/>
          <!-- Predefine ${dataFile} to apply the targets in this script with different parameters. -->
          <property name="dataFile" value="${admin.samples.directory}/keystore_data.xml"/>
          <!--
          Add credential and delete credentials from admin default keystore
          -->
          <target name="all" depends="addCredential,deleteCredential"/>
          <target name="addCredential">
              <AMXKeyStoreTask
                  dataFile="${dataFile}"
                  adminKeyStorelocation = "my_keystore.jceks" 
                  adminKeyStorePassword = "AKSpassWd" 
                  action="add"/>
          </target>
          <target name="deleteCredential">
              <AMXKeyStoreTask
                  dataFile="${dataFile}"
                  adminKeyStorelocation = "my_keystore.jceks" 
                  adminKeyStorePassword = "AKSpassWd" 
                  action="delete"/>
          </target>
      </project>
  7. Save the file.
  8. Run the command to generate the keystore file.
          ant -f keystore_build.xml addCredential
    Note: If Apache Ant™ is not already installed on the BPM runtime system, download it from http://ant.apache.org, install as directed in the Ant documentation, and add the ant executable to your path.

    The file containing the keystore (defined by adminKeyStorelocation) is created in the same folder. For example:

          C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples>ant -f keystore_build.xml addCredential
          Buildfile: C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples\keystore_build.xml

          addCredential:
          [AMXKeyStoreTask] INFO - Keystore file C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples\my_keystore.jceks does not exist; creating a new keystore file
          [AMXKeyStoreTask] Adding entry for alias 'myDatabase'...
          [AMXKeyStoreTask] Saving to keystore file C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples\my_keystore.jceks

          BUILD SUCCESSFUL
          Total time: 9 seconds

          C:\ProgramData\amx-bpm\tibco\data\admin\AMX BPM\samples>
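
A pre-flight check for the keystore_data.xml edited in steps 3 and 4, to run before the ant command in step 8. This is an added example, not TIBCO code: the function name check_keystore_data, the constructed sample documents, and the rule that protectionParam must differ from secret are assumptions made here.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("alias", "protectionParam", "username", "secret")
# Passwords printed in the documentation example; they must not reach a real keystore.
DOC_SAMPLES = {"myKeyStoreAliasPassword", "sysUserPassword"}

def check_keystore_data(xml_text):
    """Return a list of findings (never containing secret values); empty means pass."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    # Match on local name so the check works whatever namespace the file declares.
    entries = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "CredentialEntry"]
    if len(entries) != 1:  # steps 3-4: old entries deleted, one new entry added
        findings.append(f"expected 1 CredentialEntry, found {len(entries)}")
    for e in entries:
        alias = e.get("alias") or "<no alias>"
        for name in REQUIRED:
            if not (e.get(name) or "").strip():
                findings.append(f"{alias}: attribute '{name}' missing or empty")
        for name in ("protectionParam", "secret"):
            if e.get(name) in DOC_SAMPLES:
                findings.append(f"{alias}: '{name}' still holds a documentation sample value")
        if e.get("secret") and e.get("secret") == e.get("protectionParam"):
            findings.append(f"{alias}: protectionParam reuses the account password")
    return findings

# Constructed sample input; the xsi namespace declaration is added so it parses alone.
GOOD = """<AMXKeyStore xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="amxdata:AMXKeyStore">
  <CredentialEntry alias="myKeystore" protectionParam="constructed-alias-pw"
      username="sysUser" secret="constructed-user-pw" />
</AMXKeyStore>"""
UNCLOSED = GOOD.replace(" />", " /")  # element tag left unterminated
LEFTOVER = (GOOD.replace("constructed-alias-pw", "myKeyStoreAliasPassword")
                .replace("constructed-user-pw", "sysUserPassword"))

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("unclosed", UNCLOSED), ("leftover", LEFTOVER)):
        print(label, check_keystore_data(doc) or "OK")
```
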

Result

See Also

See the following topics in the BPM runtime documentation:

  • Administration: Resource Templates > Security Resource Templates > Keystore Provider > Creating a Keystore Containing a Username and Password
  • Administration: Administrator Interfaces > Command-Line Interface