Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 8 Security : Shadow Credentials

Shadow Credentials
Shadow credentials stand ready to take over for credentials that will expire. You define when the shadow credential takes effect. You can assign a shadow credential to any private key or certificate if all of these criteria are met:
HTTPS/HTTPSCA   Only a shadow credential is used during overlay and shadow credential period for HTTPS and HTTPSCA transport level handshake of SSL/TLS and for client authentication.
TIBCO BusinessConnect supports shadow credentials to be on standby whenever the primary configured credential is about to expire. The activation of shadow credential can be set at the participant level, and it takes effect on the date that is specified.
The following terms and definitions are used to describe when shadow credential gets picked for different usages:
Original credential period   This is defined as the period between the date when the original credential was uploaded to the date before the activation date was set for the shadow credential.
Overlay period   This definition is applicable only when the shadow credential is associated with the original credential. It is defined as the period between the activation date of the shadow credential and the end of the original credential’s expiration time.
Shadow credential period   This period starts when the original certificate expires and lasts until the shadow credential expires.
Table 7 explains which credentials get picked for different operations. This behavior is valid for protocols that support plain Email/AS1/AS2 SMIME messaging.
Check the appropriate protocol documentation for behavior of SMIME message processing other than plain Email/AS1/AS2.
 
 

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved