Creating the Public Root Certificate and BPM Truststore

Procedure

  1. On the TIBCO ActiveMatrix BPM runtime, create the public root certificate. To do this:
    1. Create a private key, for example bpm-ca.key. The key should use the RSA algorithm, and have a password to be used to encrypt the file using the DES cipher.
    2. Create a self-signed X.509 certificate, for example bpm-ca.crt, containing the public key of the bpm-ca.key private key that you created in the previous step.
  2. Generate the TIBCO ActiveMatrix BPM trust store (by default, BPM_CONFIG_FOLDER\tibco\data\bpm\configuration\amx-bpm-wss-truststore.jks) from the bpm-ca.crt public root certificate.
  3. Using TIBCO ActiveMatrix Administrator, configure TIBCO ActiveMatrix BPM Web Service security and its dependent resource templates and resources instances to use this truststore.

Result

TIBCO ActiveMatrix BPM can now use this public root certificate to verify the signature of incoming messages.