Enabling Transport Encryption for TIBCO FTL 6.0 or Later

Prerequisites

If the machine on which you run the FTL server has multiple network interface cards, ensure that the host name is mapped to the IP address that you use to start your FTL server. Otherwise, the certificate generated by the FTL server might use one of the other available IP addresses. As a result of the IP address mismatch, ActiveSpaces processes would not be able to connect to the realm service.
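A pre-flight check for the prerequisite above, as an added example that is not part of the TIBCO documentation: it resolves the FTL server's host name and reports when the name does not map only to the address you intend to start the server on. The host name, addresses, and function names are assumptions made for illustration; treating extra addresses as a failure is a conservative choice, not documented FTL behavior.

```python
import ipaddress
import socket


def resolve_addresses(hostname):
    """Ask the system resolver (hosts file, DNS) for every address of hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    # info[4][0] is the address string; drop any IPv6 zone suffix such as %eth0.
    return sorted({info[4][0].split("%")[0] for info in infos})


def check_host_mapping(hostname, intended_ip, resolver=resolve_addresses):
    """Return (ok, problems) for the host name -> intended IP mapping."""
    intended = ipaddress.ip_address(intended_ip)
    try:
        resolved = [ipaddress.ip_address(a) for a in resolver(hostname)]
    except socket.gaierror as exc:
        return False, [f"{hostname} does not resolve: {exc}"]

    problems = []
    extras = [str(a) for a in resolved if a != intended]
    if intended not in resolved:
        problems.append(
            f"{hostname} resolves to {extras}, not the intended {intended}")
    elif extras:
        problems.append(
            f"{hostname} also resolves to {extras}; the mapping is ambiguous")
    if any(a.is_loopback for a in resolved):
        problems.append(
            f"{hostname} maps to a loopback address, unreachable from other hosts")
    return not problems, problems


if __name__ == "__main__":
    # Constructed sample data (hypothetical host names and addresses), fed
    # through a stub resolver so the demonstration runs offline.
    samples = {
        "ftl1.example.internal": ["10.0.5.20"],
        "ftl2.example.internal": ["10.0.5.20", "192.168.1.7"],
        "ftl3.example.internal": ["127.0.1.1"],
    }
    for name, addrs in samples.items():
        ok, problems = check_host_mapping(
            name, "10.0.5.20", resolver=lambda h, a=addrs: a)
        print(name, "OK" if ok else "FAIL", *problems, sep="\n  ")
```

On a real host, call `check_host_mapping(socket.gethostname(), "<intended_ip>")` before generating the trust file, so a wrong mapping is caught before it ends up in the certificate.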

Procedure

  1. Generate a trust file using an FTL server. For instructions, see "Securing FTL Servers" in TIBCO FTL Administration.
  2. Supply copies of the keystore file and trust file to every FTL server.
  3. Supply a copy of the trust file to locations that can be accessed by any of the data grid's processes and client processes.
  4. Configure the FTL servers to use TLS security in their configuration files.
    globals:
      tls.secure: <keystore_password>
    
  5. Start the FTL servers.
    tibftlserver -c <config_file> -n <server_name>
    
  6. After the secure realm services have started, create the data grid configuration with the encrypted_connections option set to all.
    grid create copyset_size=1 statekeeper_count=3 encrypted_connections=all mygrid
  7. Define the component processes of your data grid. See Defining a Data Grid.