Using Python Deployment Scripts to Connect to the TIBCO Enterprise Administrator Server when SSL Is Enabled

You can use Python deployment scripts to connect to the TIBCO Enterprise Administrator Server when SSL is enabled for its connection with the TIBCO BusinessEvents Enterprise Administrator Agent.

    Procedure
  1. Create certificate files and update the keystore and truststores as follows:
    1. Create client and server keystore and truststore files in the jks or jceks format.

    2. Convert keystore from the jks or jceks format to the pkcs12 format.

    3. Convert the pkcs12 format to PEM files using OpenSSL with an encrypted PEM password.

  2. Copy the cert files to a specific folder. For example, D:/tibco/tea/tea/certs/localhost
  3. Update the TIBCO Enterprise Administrator server configuration file tea.conf located in the TEA installation config folder(for example, C:/ProgramData/tea240hf1/tibco/cfgmgmt/tea/conf) based on the type of SSL configuration:

    For one-way SSL:

    tea.http.keystore="D:/tibco/tea/tea/certs/localhost/httpserversslkeys.jceks"
    tea.http.truststore="D:/tibco/tea/tea/certs/localhost/httpserverssltrusts.jceks"
    tea.http.keystore-password=password
    tea.http.truststore-password=password
    tea.http.key-manager-password=password
    tea.http.cert-alias=httpserver
    tea.http.want.client.auth=false
    tea.http.need.client.auth=false

    For two-way SSL:

    tea.http.keystore = "D:/tibco/tea/tea241hf1/certs/localhost/httpserversslkeys.jceks"
    tea.http.truststore = "D:/tibco/tea/tea241hf1/certs/localhost/httpserverssltrusts.jceks"
    tea.http.keystore-password = "password"
    tea.http.truststore-password = "password"
    tea.http.key-manager-password = "password"
    tea.http.cert-alias = "httpserver"
    tea.http.want.client.auth = true
    tea.http.need.client.auth = true
    tea.http.client.keystore = "D:/tibco/tea/tea241hf1/certs/localhost/httpclientsslkeys.jceks"
    tea.http.client.truststore = "D:/tibco/tea/tea241hf1/certs/localhost/httpclientssltrusts.jceks"
    tea.http.client.keystore-password = "password"
    tea.http.client.truststore-password = "password"
    tea.http.client.key-manager-password = "password"
    tea.http.client.cert-alias = "httpclient"
    Note: For one-way SSL set the tea.http.want.client.auth and tea.http.need.client.auth properties to false
  4. Update the server URL the be-teagent.props file located at BE_HOME/teagent/config. For example, be.tea.server.url=https://localhost:8777/tea and add be.tea.agent.host=localhost.

  5. Log in to TIBCO Enterprise Administrator server with the browser URL. For example https://localhost:8777/tea.
    If you have enabled two-way SSL, add the certificate files to the browser.
    For more information, see Signing in to the TIBCO Enterprise Administrator Server.

  6. Run the Python deployment script. For example:

    %BE_HOME%\teagent\cli\python>applicationsMgmt.py -ssl true -t "https://localhost:8777" -u admin -p admin -sc "D:\tibco\tea\tea240hf1\certs\localhost\server.pem" createdeployment -d testPython -c "D:/tibco/be/be611/be/6.1/examples/standard/FraudDetection/FraudDetection/fd.cdd" -e "D:/tibco/be/be611/be/6.1/examples/standard/FraudDetection/fd.ear"
    Note: In one way SSL, you need to provide the server certificate only and in two way SSL, you need to provide both the server and client certificates.