Enabling Transport Encryption for TIBCO FTL 5.4.1 Users

The following procedure is applicable if you are using TIBCO FTL 5.4.1. This procedure uses command-line options to specify the secure realm service options. See the FTL Administration guide for more information on running secure realm services, realm service command line options, and realm service configuration properties.

Prerequisites

If the machine on which you run the FTL server has multiple network interface cards, ensure that the host name is mapped to the IP address that you use to start your FTL server. Otherwise, the certificate generated by the FTL server might use one of the other available IP addresses. As a result of the IP address mismatch, ActiveSpaces processes would not be able to connect to the realm service.

Procedure

  1. Start a secure primary realm service and specify a password for the keystore:
    --secure pass:<password>
  2. Ensure that the trust file created by the primary realm service is copied to locations that can be accessed by each of the affiliated realm services (for example, backup or satellite), each of the data grid’s processes, and client processes.
  3. Start the affiliated realm services (for example, backup or satellite) with the following transport encryption options:
    --secure pass:<password>
    --tls.trust.file <path>
  4. After the secure realm services have been started, create the data grid configuration using the encrypted_connections option and set its value to all.
    grid create copyset_size=1 statekeeper_count=3 encrypted_connections=all mygrid
  5. Define the component processes of your data grid. See Defining a Data Grid.
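
A preflight check for the prerequisite and for step 2, as an added example that is not part of the TIBCO documentation: it confirms that the host name resolves to the address you intend to start the FTL server on, and that every distributed copy of the trust file is byte-identical to the one the primary realm service created. The function names, host name, addresses and file paths are assumptions chosen for illustration.

```python
import hashlib
import socket
from pathlib import Path


def resolved_addresses(hostname, resolver=socket.getaddrinfo):
    """Return the set of IP addresses the local resolver maps hostname to."""
    return {info[4][0] for info in resolver(hostname, None)}


def check_host_mapping(hostname, expected_ip, resolver=socket.getaddrinfo):
    """Return a list of problems with the hostname-to-IP mapping (empty if OK)."""
    try:
        addrs = resolved_addresses(hostname, resolver)
    except socket.gaierror as exc:
        return [f"{hostname} does not resolve: {exc}"]
    if expected_ip not in addrs:
        return [f"{hostname} resolves to {sorted(addrs)}, not {expected_ip}"]
    # Assumption: extra addresses are reported conservatively, because the
    # generated certificate might be bound to one of them instead.
    extra = sorted(addrs - {expected_ip})
    return [f"{hostname} also resolves to {extra}"] if extra else []


def sha256_of(path):
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def check_trust_copies(primary, copies):
    """Return the copies that are missing or differ from the primary trust file."""
    reference = sha256_of(primary)
    problems = []
    for copy in copies:
        if not Path(copy).is_file():
            problems.append(f"{copy}: missing")
        elif sha256_of(copy) != reference:
            problems.append(f"{copy}: differs from {primary}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; replace with your own host name and address.
    for problem in check_host_mapping("localhost", "127.0.0.1"):
        print("WARN", problem)
```

Run the host mapping check on the machine that will run the primary realm service before step 1, and the trust file check after step 2 on each machine that received a copy.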