Configuring One-Way SSL Authentication Between RMS Server, LDAP Server, and Decision Manager Client
One-way SSL authentication enables the application operating as the SSL client to verify the identity of the application operating as the SSL server (RMS). The SSL-client application is not verified by the SSL-server application.
Note: Authentication options shared by TIBCO BusinessEvents and its add-on products, such as configuring file-based and LDAP authentication, are documented in the TIBCO BusinessEvents Administration guide of the TIBCO BusinessEvents documentation set.
Note: After configuration, if you change from secure to non-secure mode or from non-secure to secure mode, you must change the be.auth.ldap.port value and restart the RMS server.
Procedure
- Ensure that the keystores are in place in the following locations, as required for the secure authentication you are setting up:
  - The RMS server machine
  - The LDAP server machine
  - All TIBCO BusinessEvents Decision Manager (that is, client) machines
- Import the BRMS project into your workspace and open the RMS.cdd file for editing. See TIBCO BusinessEvents WebStudio User’s Guide of the TIBCO BusinessEvents documentation set for details.
- In the CDD editor Cluster tab, click Properties.
- To configure one-way SSL between the RMS server and the LDAP server, do the following:
  - Add the properties for one-way SSL between LDAP server, RMS server, and Decision Manager clients:
    - be.auth.ldap.ssl
    - javax.net.ssl.trustStore
    - javax.net.ssl.trustStorePassword
    - javax.net.ssl.trustStoreType
    See TIBCO BusinessEvents WebStudio User’s Guide of the TIBCO BusinessEvents documentation set for RMS.cdd properties reference.
  - Change the value of be.auth.ldap.port. Edit the property to specify the secure port (which is different from the non-secure port).
- Save the RMS.cdd file.
- In the file system, copy the RMS.cdd file from your workspace to the BRMS project and to the RMS server startup location:
  - BRMS project location: BE_HOME/rms/project/BRMS/Deployment/RMS.cdd
  - RMS server location: BE_HOME/rms/bin/RMS.cdd
- Restart the RMS server.
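
Because the edited RMS.cdd has to be copied to two locations, a stale copy can leave the server starting without the SSL properties. The following check is an added example, not part of the TIBCO documentation: it confirms that both deployed copies contain the properties named above and match the workspace file. It assumes the property names appear literally in the CDD file; the sample tree it can build uses constructed name=value lines, not the real CDD schema.

```shell
#!/bin/sh
# Properties named in the procedure above.
REQUIRED_PROPS="be.auth.ldap.ssl be.auth.ldap.port javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword javax.net.ssl.trustStoreType"

# missing_props FILE: print each required property name that does not occur in FILE.
missing_props() {
    for prop in $REQUIRED_PROPS; do
        # -F: literal match; -w: whole word, so trustStorePassword
        # does not satisfy the check for trustStore.
        grep -qwF -- "$prop" "$1" || printf '%s\n' "$prop"
    done
}

# check_cdd_deploy WORKSPACE_CDD BE_HOME: return 0 only if both deployed copies
# exist, contain every required property, and are identical to the workspace file.
check_cdd_deploy() {
    src=$1 be_home=$2 rc=0
    for copy in "$be_home/rms/project/BRMS/Deployment/RMS.cdd" \
                "$be_home/rms/bin/RMS.cdd"; do
        if [ ! -f "$copy" ]; then
            echo "MISSING FILE: $copy"; rc=1; continue
        fi
        miss=$(missing_props "$copy")
        if [ -n "$miss" ]; then
            echo "MISSING PROPERTIES in $copy:" $miss; rc=1
        fi
        cmp -s "$src" "$copy" || { echo "DRIFT: $copy differs from $src"; rc=1; }
    done
    return $rc
}

# make_sample_tree DIR: constructed workspace and BE_HOME layout for trying the
# check offline. File content is a stand-in, not the real CDD schema.
make_sample_tree() {
    mkdir -p "$1/ws" "$1/be/rms/project/BRMS/Deployment" "$1/be/rms/bin"
    for p in $REQUIRED_PROPS; do echo "$p=CONSTRUCTED"; done > "$1/ws/RMS.cdd"
    cp "$1/ws/RMS.cdd" "$1/be/rms/project/BRMS/Deployment/RMS.cdd"
    cp "$1/ws/RMS.cdd" "$1/be/rms/bin/RMS.cdd"
}

# Usage: sh check_cdd.sh /path/to/workspace/RMS.cdd "$BE_HOME"
if [ "$#" -eq 2 ]; then
    check_cdd_deploy "$1" "$2"
fi
```

Run it after the copy step and before restarting the RMS server; a non-zero exit status means at least one copy is missing, incomplete, or out of date.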