Creating or Editing an SSL Client Provider Shared Resource

SSL Client Provider shared resources can be created or edited using the TIBCO BPM Enterprise Administrator.

Procedure

  1. From the TIBCO BPM Enterprise Administrator, select Shared Resources Manager.
  2. From the drop-down list in the upper left, select SSL Client Provider.
  3. Click .
  4. Configure the SSL Client Provider shared resource using the following descriptions.
    Definition
    Property | Description
    Name | (Required) The unique name of the SSL Client Provider. The name value is case insensitive.
    Description | A description for the SSL Client Provider.
    Trust store provider name | (Required) The name of the KeyStore Provider to use as the Trust Store. See KeyStore Provider Shared Resources.
    Security Provider | The name of an SSL Security Provider, for example 'SunJSSE'. If not specified, the JVM default is used.
    Verify Remote Hostname | Selecting this option causes the name on the server's certificate to be verified against the server's hostname. If the server's hostname is different than the name on the certificate, the SSL connection will fail. The name on the certificate can be verified against another name by providing a hostname in the Expected Remote Hostname field.
    Expected Remote Hostname | (Required if Verify Remote Hostname is selected) The expected hostname value to check. If a value is specified, that value is used to verify the SSL hostname; otherwise, the default SSL hostname verification is used.
    Mutual authentication
    Property | Description
    Enable Mutual Authentication | Select this option if the SSL Client will authenticate to the server. Selecting this option enables the following three fields.
    Identity Store provider name | (Required if Enable Mutual Authentication is selected) The name of the KeyStore Provider containing the identity used for mutual authentication.
    Key alias for identity | (Required if Enable Mutual Authentication is selected) The alias name for the identity used for mutual authentication.
    Key Alias Password | The password for the identity used for mutual authentication.
    SSL and Ciphers
    Property | Description
    SSL Protocol | The SSL protocol used. The available selections are:
    • TLS_V1
    • TLS_V1.1
    • TLS_V1.2
    • TLS_V1.3

    Default: TLS_V1.2

    SSL Cipher Class | The SSL cipher class, which specifies the number of bits in the key used to encrypt data. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the encryption. The available selections are:
    • ALL_CIPHERS
    • AT_LEAST_128_BITS
    • AT_LEAST_256_BITS
    • EXPLICIT_CIPHERS - If this cipher class is specified, a list of ciphers must be provided in the Explicit Cipher List field.
    • FIPS_CIPHERS
    • MORE_THAN_128_BITS
    • NO_EXPORTABLE_CIPHERS

    Default: AT_LEAST_256_BITS

    Explicit Cipher List | A comma-separated list of explicitly named ciphers. For example: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA'

    This must be provided if EXPLICIT_CIPHERS is specified in the SSL Cipher Class field.

  5. Click Save.
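
A pre-save review of the values chosen in step 4, as an added example that is not TIBCO code: it flags deprecated protocol selections, disabled hostname verification, and weak entries in an Explicit Cipher List. The dict keys mirror the field names on this page as an assumption (the product is configured through the Administrator, not through this structure), and the sample configuration is constructed.

```python
import re

DEPRECATED = {"TLS_V1", "TLS_V1.1"}  # TLS 1.0 and 1.1, deprecated by RFC 8996

def review_cipher(name):
    """Findings for one cipher suite name as written in Explicit Cipher List."""
    m = re.fullmatch(r"(?:TLS|SSL)_(\w+?)_WITH_(\w+)", name)
    if not m:
        # TLS 1.3 names (TLS_AES_256_GCM_SHA384) have no _WITH_: AEAD, ephemeral keys
        return [] if re.fullmatch(r"TLS_\w+", name) else ["unrecognised suite name"]
    kx, rest = m.groups()
    out = []
    if "DHE" not in kx and "anon" not in kx:  # neither DHE nor ECDHE
        out.append(f"{kx} key exchange without ephemeral keys, no forward secrecy")
    if "_CBC" in rest:
        out.append("CBC mode rather than an AEAD mode")
    if rest.endswith("_SHA"):
        out.append("HMAC-SHA1 integrity")
    if re.search(r"NULL|EXPORT|RC4|DES|anon", name):
        out.append("null, export-grade, RC4, DES/3DES or anonymous suite")
    return out

def review_config(cfg):
    """Findings for a dict keyed by the field names used on this page."""
    out = []
    proto = cfg.get("SSL Protocol", "TLS_V1.2")  # default stated on the page
    if proto in DEPRECATED:
        out.append(f"SSL Protocol {proto} is deprecated (RFC 8996)")
    if not cfg.get("Verify Remote Hostname", False):  # absent = unselected (assumption)
        out.append("Verify Remote Hostname is off: server name is not checked")
    if cfg.get("SSL Cipher Class", "AT_LEAST_256_BITS") == "EXPLICIT_CIPHERS":
        names = [c.strip() for c in cfg.get("Explicit Cipher List", "").split(",")]
        names = [c for c in names if c]
        if not names:
            out.append("EXPLICIT_CIPHERS selected but Explicit Cipher List is empty")
        out += [f"{n}: {f}" for n in names for f in review_cipher(n)]
    return out

# Constructed sample; the cipher list is the example string from this page.
SAMPLE = {
    "SSL Protocol": "TLS_V1.1",
    "Verify Remote Hostname": False,
    "SSL Cipher Class": "EXPLICIT_CIPHERS",
    "Explicit Cipher List": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "
        "TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
}

if __name__ == "__main__":
    for finding in review_config(SAMPLE):
        print(finding)
```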