![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
• For the inbound HTTPS transports, set the bc.security.restrictVersion property to TLSv1 in System Settings > Activated Protocol Plug-ins and Properties > BC.
• For the outbound HTTPS transports configured on partners, clear the Can Use SSLv3 check box. Also, you are required to upload the certificate with the proper Subject Common Name or Subject Alternative Name, as the host name gets verified in the FIPS mode.
• For the intercomponent and secured private process JMS transports, the Verify JMS Server flag must be set. In addition, the following configuration is required in the EMS server factories.conf file for the SSL connection factories. The following displays the configuration for the EMS sample certificates in which use the appropriate values for ssl_trusted and ssl_expected_hostname.For more details about the algorithms supported in FIPS, see https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdfThe actual cipher names should be as per Java specifications. For more information about the ciphers supported by Java 8, see Cipher Suites section in https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
1. Add the BusinessConnect system settings property bc.gs.cert.fqdn and revoke the token from the Manage Installation page.
2. Create and export the Gateway token and place the token in \bc\home\gs\token folder.The property value for bc.gs.cert.fqdn property can be a comma separated list of IP addresses, host names, wildcard domain names, or the combination of all three.
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |