Setting up One-way SSL Between TIBCO BusinessEvents and TIBCO StreamBase
In a one-way SSL connection, only the StreamBase proxy server sends an X.509 certificate to BusinessEvents (the client) for verification.
Procedure
Server Configurations
- Generate the required server and client certificates using the keytool utility (included in the Sun Java JDK) with keystore and truststore parameters.
  For example,
    //For server
    keytool -genkeypair -dname "cn=localhost" -alias "serveruser" -keypass tibco2017 -keystore server.keystore -storepass tibco2017 -validity 3650
    keytool -export -keystore server.keystore -alias "serveruser" -file server.cer -storepass tibco2017
    //For client
    keytool -genkeypair -dname "cn=localhost" -alias "clientuser" -keypass tibco2017 -keystore client.keystore -storepass tibco2017 -validity 3650
    keytool -export -keystore client.keystore -alias "clientuser" -file client.cer -storepass tibco2017
    //Import client certificate to server keystore
    keytool -import -alias "clientuser" -file client.cer -keystore server.keystore -keypass tibco2017 -storepass tibco2017
    //Import server certificate to client keystore
    keytool -import -alias "serveruser" -file server.cer -keystore client.keystore -keypass tibco2017 -storepass tibco2017
- Edit the sbd.sbconf file in TIBCO StreamBase Studio and add the <security> element to activate SSL authentication through the StreamBase proxy server.
  For one-way SSL, set the require-client-authentication attribute of the <client-ssl-connections> element to false. For more details on the <security> elements, refer to the TIBCO StreamBase Documentation. For example, add the following elements in the sbd.sbconf file:
    <security>
      <ssl-authentication>
        <param name="keystore" value="F:/Users/tibcoUser/541/SB_cert_new_20032017/server.keystore"/>
        <param name="keystore-password" value="tibco2017"/>
        <param name="key-password" value="tibco2017"/>
        <param name="enabled" value="true"/>
      </ssl-authentication>
      <client-ssl-connections>
        <param name="require-client-authentication" value="false"/>
      </client-ssl-connections>
      <param name="perform-authentication" value="false"/>
    </security>
- Start the StreamBase server using the above sbd.sbconf file with the SSL configuration, from the workspace where the StreamBase project is located.
  For example,
    C:\TIBCO\sb-cep\7.6\bin64\sbd.exe BusinessEventsFraudDetection.sbapp -f sbd.sbconf
- Start the StreamBase proxy server with SSL from the workspace where the StreamBase project is located.
  For example,
    C:\TIBCO\sb-cep\7.6\bin\sbproxy.exe 14500 localhost 14000 -f sbd.sbconf
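The following Python check is an added example, not part of the original TIBCO documentation: it parses the <security> element added to sbd.sbconf above and reports whether the file configures one-way or two-way SSL, along with settings worth reviewing before deployment. The sample file content, its <streambase-configuration> root element, and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample mirroring the <security> element shown above. The
# <streambase-configuration> root element is an assumption about the file.
SAMPLE_SBCONF = """<streambase-configuration>
  <security>
    <ssl-authentication>
      <param name="keystore" value="server.keystore"/>
      <param name="keystore-password" value="tibco2017"/>
      <param name="key-password" value="tibco2017"/>
      <param name="enabled" value="true"/>
    </ssl-authentication>
    <client-ssl-connections>
      <param name="require-client-authentication" value="false"/>
    </client-ssl-connections>
    <param name="perform-authentication" value="false"/>
  </security>
</streambase-configuration>"""

def params(element):
    """Direct <param name=... value=...> children of an element, as a dict."""
    found = element.findall("param") if element is not None else []
    return {p.get("name"): p.get("value", "") for p in found}

def audit_security(xml_text):
    """Return the SSL mode (none, one-way, two-way) and a list of findings."""
    root = ET.fromstring(xml_text)
    security = root if root.tag == "security" else root.find(".//security")
    if security is None:
        return {"mode": "none", "findings": ["no <security> element"]}
    ssl_cfg = params(security.find("ssl-authentication"))
    client = params(security.find("client-ssl-connections"))
    findings = []
    if ssl_cfg.get("enabled", "").lower() != "true":
        mode = "none"
        findings.append("ssl-authentication is not enabled")
    elif client.get("require-client-authentication", "").lower() == "true":
        mode = "two-way"
    else:
        mode = "one-way"
        findings.append("server does not require a client certificate")
    for name in ("keystore-password", "key-password"):
        if ssl_cfg.get(name):
            findings.append(name + " is stored in clear text in the file")
    if params(security).get("perform-authentication", "").lower() == "false":
        findings.append("perform-authentication is false")
    return {"mode": mode, "findings": findings}

if __name__ == "__main__":
    print(audit_security(SAMPLE_SBCONF))
```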
Client Configurations
- In the BusinessEvents application, create a StreamBase shared resource or use the StreamBase channel properties to specify connection parameters.
  - Specify the StreamBase Server URI as sbs://localhost:14500.
  - Provide server truststore location and truststore password in the Trust Store File and Trust Store Password fields, respectively.
  See Configuration for StreamBase Channels for details on StreamBase channel connection properties.
- Save the project and restart the BusinessEvents engine.
BusinessEvents is now securely connected to the StreamBase server.
Copyright © TIBCO Software Inc. All rights reserved.