Using Python Deployment Scripts to Connect to the TIBCO Enterprise Administrator Server when SSL Is Enabled
You can use Python deployment scripts to connect to the TIBCO Enterprise Administrator Server when SSL is enabled for its connection with the TIBCO BusinessEvents Enterprise Administrator Agent.
- Procedure
- Create certificate files and update the keystore and truststores as follows:
Create client and server keystore and truststore files in the jks or jceks format.
Convert keystore from the jks or jceks format to the pkcs12 format.
Convert the pkcs12 format to PEM files using OpenSSL with an encrypted PEM password.
- Copy the cert files to a specific folder. For example,
D:/tibco/tea/tea/certs/localhost
-
Update the TIBCO Enterprise Administrator server configuration file
tea.conf
located in the TEA installation config folder(for example,C:/ProgramData/tea240hf1/tibco/cfgmgmt/tea/conf
) based on the type of SSL configuration:For one-way SSL:
tea.http.keystore="D:/tibco/tea/tea/certs/localhost/httpserversslkeys.jceks" tea.http.truststore="D:/tibco/tea/tea/certs/localhost/httpserverssltrusts.jceks" tea.http.keystore-password=password
tea.http.truststore-password=password
tea.http.key-manager-password=password
tea.http.cert-alias=httpserver
tea.http.want.client.auth=false
tea.http.need.client.auth=falseFor two-way SSL:
tea.http.keystore = "D:/tibco/tea/tea241hf1/certs/localhost/httpserversslkeys.jceks"
tea.http.truststore = "D:/tibco/tea/tea241hf1/certs/localhost/httpserverssltrusts.jceks"
tea.http.keystore-password = "password"
tea.http.truststore-password = "password"
tea.http.key-manager-password = "password"
tea.http.cert-alias = "httpserver"
tea.http.want.client.auth = true
tea.http.need.client.auth = true
tea.http.client.keystore = "D:/tibco/tea/tea241hf1/certs/localhost/httpclientsslkeys.jceks"
tea.http.client.truststore = "D:/tibco/tea/tea241hf1/certs/localhost/httpclientssltrusts.jceks"
tea.http.client.keystore-password = "password"
tea.http.client.truststore-password = "password"
tea.http.client.key-manager-password = "password"
tea.http.client.cert-alias = "httpclient"Note: For one-way SSL set thetea.http.want.client.auth
andtea.http.need.client.auth
properties tofalse
-
Update the server URL the be-teagent.props file located at
BE_HOME/teagent/config
. For example,be.tea.server.url=https://localhost:8777/tea
and addbe.tea.agent.host=localhost
. -
Log in to TIBCO Enterprise Administrator server with the browser URL. For example
https://localhost:8777/tea
.
If you have enabled two-way SSL, add the certificate files to the browser.
For more information, see Signing in to the TIBCO Enterprise Administrator Server. -
Run the Python deployment script. For example:
%BE_HOME%\teagent\cli\python>applicationsMgmt.py -ssl true -t "https://localhost:8777" -u admin -p admin -sc "D:\tibco\tea\tea240hf1\certs\localhost\server.pem" createdeployment -d testPython -c "D:/tibco/be/be611/be/6.1/examples/standard/FraudDetection/FraudDetection/fd.cdd" -e "D:/tibco/be/be611/be/6.1/examples/standard/FraudDetection/fd.ear"
Note: In one way SSL, you need to provide the server certificate only and in two way SSL, you need to provide both the server and client certificates.