Configuring One-Way SSL Authentication Between RMS Server, LDAP Server, and Decision Manager Client

One-way SSL authentication enables the application operating as the SSL client to verify the identity of the application operating as the SSL server (RMS). The SSL-client application is not verified by the SSL-server application.

Note: Authentication options shared by TIBCO BusinessEvents and its add-on products, such as configuring file-based and LDAP authentication, are documented in the TIBCO BusinessEvents Administration guide of the TIBCO BusinessEvents documentation set.
Note: After configuration, if you change from secure to non-secure mode or from non-secure to secure mode, you must change the be.auth.ldap.port value and restart the RMS server.

Procedure

  1. Ensure that the keystores are in place in the following locations, as required for the secure authentication you are setting up:
    • The RMS server machine
    • The LDAP server machine
    • All TIBCO BusinessEvents Decision Manager (that is, client) machines
  2. Import the BRMS project into your workspace and open the RMS.cdd file for editing. See TIBCO BusinessEvents WebStudio User’s Guide of the TIBCO BusinessEvents documentation set for details.
  3. In the CDD editor Cluster tab, click Properties.
  4. To configure one-way SSL between the RMS server and the LDAP server, do the following:
    • Add the properties for one-way SSL between the LDAP server, RMS server, and Decision Manager clients:
      be.auth.ldap.ssl
      javax.net.ssl.trustStore
      javax.net.ssl.trustStorePassword
      javax.net.ssl.trustStoreType

      See TIBCO BusinessEvents WebStudio User’s Guide of the TIBCO BusinessEvents documentation set for the RMS.cdd properties reference.

    • Change the value of be.auth.ldap.port. Edit the property to specify the secure port (which is different from the non-secure port).
  5. Save the RMS.cdd file.
  6. In the file system, copy the RMS.cdd file from your workspace to the BRMS project and to the RMS server startup location:
    • BRMS project location:

      BE_HOME/rms/project/BRMS/Deployment/RMS.cdd

    • RMS server location:

      BE_HOME/rms/bin/RMS.cdd

  7. Restart the RMS server.
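Before the restart in step 7, the truststore settings can be checked against the LDAP server's secure port with a small stand-alone client. The following is an added example, not TIBCO code: the class name LdapsTrustCheck is hypothetical, the LDAP host and secure port are passed as arguments, and the three javax.net.ssl.* values are assumed to be the same ones entered in RMS.cdd, supplied here as -D options.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): pre-flight check of the one-way SSL trust settings.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java -Djavax.net.ssl.trustStore=<file> ... LdapsTrustCheck <ldap-host> <secure-port>");
            System.exit(2);
        }
        // The same JSSE properties the procedure adds to RMS.cdd, read here from -D options.
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        if (path == null) throw new IllegalStateException("javax.net.ssl.trustStore is not set");

        // Load the truststore explicitly so a wrong path, type or password fails here, not at login.
        KeyStore ts = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ts.load(in, pass.toCharArray());
        }
        for (String alias : Collections.list(ts.aliases())) {
            if (ts.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ts.getCertificate(alias);
                System.out.println("trusted: " + alias + " -> " + c.getSubjectX500Principal()
                        + " (valid until " + c.getNotAfter() + ")");
            }
        }

        // Trust managers only; no key managers are supplied, so the client has no certificate to present.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also match the host name against the certificate
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the server chain is not trusted
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("handshake OK, server: " + leaf.getSubjectX500Principal()
                    + ", expires " + leaf.getNotAfter() + ", " + s.getSession().getProtocol());
        }
    }
}
```

A handshake failure here points to a truststore that lacks the LDAP server's issuing certificate, a host name that does not match the server certificate, or a port that is not the secure one.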