Configuring SSL Communication

You can configure SSL communication between Administrator and the TIBCO ActiveMatrix Registry Runtime UDDI Server.

For further information on configuring SSL in TIBCO ActiveMatrix Registry Runtime UDDI Server TIBCO ActiveMatrix Registry Runtime UDDI Server, see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL_and_Tomcat

Procedure

  1. Open a command window in UDDI_HOME/tibcojre/VERSION/bin.
  2. Generate a keystore with alias TAMRUS:keytool -genkeypair -alias TAMRUS -keyalg RSA -keystore .keystore -storepass password -dname "CN=YourName, OU=YourName, O=Engineering, L=YourCity, ST=YourState, C=YourCountryCode"
  3. In TIBCO_HOME/RuntimeUDDIServer/version/server/conf/server.xml replace:
    <Connector port="58080" protocol="HTTP/1.1" connectionTimeout="20000" />

    with

    Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreFile="./.keystore" keystorePass="password"/>
  4. Export the TAMRUS certificate: keytool -exportcert -alias TAMRUS -keystore .keystore -storepass password -file TAMRUS.cert
  5. Import the TAMRUS certificate into the Administrator server trust keystore: keytool -importcert -alias TAMRUS -file TAMRUS.cert -keystoreTIBCO_HOME/tibcohost/3.4/templates/admin.default.ssl.trust.store.ts -storepass secret
    $ keytool -importcert -alias TAMRUS -file TAMRUS.cert -keystore TIBCO_HOME/tibcohost/3.4/templates/admin.default.ssl.trust.store.ts -storepass secret
    Owner: CN=YourName, OU=YourName, O=Engineering, L=YourCity, ST=YourState, C=YourCountryCode
    Issuer: CN=YourName, OU=YourName, O=Engineering, L=YourCity, ST=YourState, C=YourCountryCode
    Serial number: 4ba255a3
    Valid from: Thu Mar 18 17:32:35 CET 2010 until: Wed Jun 16 18:32:35 CEST 2010
    Certificate fingerprints:
    MD5: 4D:B0:EE:FC:A2:72:A0:6E:4C:13:BD:8E:F12:90:06
    SHA1: B99:5A:6D:15:53:BA:DC:63:AB:70:89:61:2C:C3:DA:1C:FA:EB:E3
    Signature algorithm name: SHA1withRSA
    Version: 3
    Trust this certificate? [no]: yes
    Certificate was added to keystore