Enabling SSL Communication with TIBCO ActiveMatrix BPM Runtime Clients

You can enable SSL communication with TIBCO ActiveMatrix BPM runtime clients.

  1. From TIBCO ActiveMatrix Administrator, select the HTTP Connector resource template with its Scope set to your BPM application.
  2. Click the SSL tab.
  3. Edit the following properties:
    • Enable SSL: Select this checkbox.
    • SSL Certificate Source: Select SSL Server Provider from the drop-down list.
    • SSL Server Provider: Enter (or select) SslServerRT.
  4. Re-install the HTTP Connector resource instance.

This enables SSL using:

  • a default, self-signed certificate
  • the following TIBCO ActiveMatrix BPM shared resources.

(1) A default keystore file is provided at CONFIG_HOME\bpm\bpm_app_name\keystores\install-server-store.jks. The keystore contains the certificate to be used when a client requests an SSL connection using the httpConnector.

Warning: The digital certificate supplied in install-server-store.jks is self-signed and intended for use in a development environment. In a production environment, you should replace this certificate with one signed by an appropriate certificate authority (CA). See Replacing the Default Self-Signed Certificate with a CA-Authorized Certificate for more information about how to do this.
Note: When you use the default, self-signed certificate, users are presented with a dialog warning them of the "untrusted" certificate when they first log in to Workspace or Openspace. To continue, they must tell the browser to accept the certificate. The instructions vary according to browser type.

(2) The KeystoreCspRT Keystore Provider shared resource defines install-server-store.jks as the keystore that contains the certificate to be used when a client requests an SSL connection. The default password for the keystore is password.

(3) The SslServerRT SSL Server Provider shared resource defines install-server-key as the alias to be used to access the certificate in the keystore. The default password for this alias is staff123.
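To check whether a deployment still relies on these development defaults, the following added example (not TIBCO code) audits the text printed by the JDK's keytool -list -v for a keystore such as install-server-store.jks, and can also test whether the default keystore password password still opens the file. The sample output and its DNs are constructed, English keytool output is assumed, and the function names are hypothetical.

```python
import shutil
import subprocess

DEFAULT_ALIAS = "install-server-key"  # alias named on this page
# Constructed sample of `keytool -list -v` output; all DNs are invented.
SAMPLE = """\
Alias name: install-server-key
Certificate[1]:
Owner: CN=bpm-dev.example.test, O=Example
Issuer: CN=bpm-dev.example.test, O=Example

Alias name: prod-server-key
Certificate[1]:
Owner: CN=bpm.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example
"""

def parse_entries(text):
    """Map each alias to the Owner/Issuer of its first (leaf) certificate."""
    entries, alias = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Alias name":
            alias = value
            entries[alias] = {}
        elif alias and key in ("Owner", "Issuer") and key not in entries[alias]:
            entries[alias][key] = value
    return entries

def audit(text):
    """Flag development defaults; Owner == Issuer is the self-signed heuristic."""
    findings = []
    for alias, cert in parse_entries(text).items():
        if cert.get("Owner") and cert.get("Owner") == cert.get("Issuer"):
            findings.append((alias, "self-signed"))
        if alias == DEFAULT_ALIAS:
            findings.append((alias, "default-alias"))
    return findings

def default_storepass_accepted(keystore_path, storepass="password"):
    """True if keytool opens the keystore with the default password; None if keytool is missing."""
    if shutil.which("keytool") is None:
        return None
    cmd = ["keytool", "-list", "-keystore", keystore_path, "-storepass", storepass]
    return subprocess.run(cmd, capture_output=True).returncode == 0
```

Any finding from audit, or a True result from default_storepass_accepted, means the certificate replacement and password changes recommended for production have not been completed.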