Storing Trusted Certificates Outside of Your Project
Trusted certificates are used when you configure SSL, such as in an HTTP Connection or JMS Connection.
Trusted certificates can be used to ensure that remote servers are who they claim to be and to ensure that TIBCO BusinessEvents can identify itself as a valid client when connecting to a server.
You can store the certificates within a project folder, or you can use a special global variable, BE_GLOBAL_TRUSTED_CA_STORE, to specify the location of an external directory that contains all the certificates known to TIBCO BusinessEvents.
When you store the certificates within a project folder and a certificate changes or expires, you must import any new certificates or certificate chains into the project, rebuild the EAR file, and redeploy your project.
Using the global variable avoids this problem. When the global variable specifies an external location for certificates and certificates change or expire, you just replace certificates or add new certificates and then restart the engine to load the changes.
You can set the global variable value and then use the variable in the usual ways, as described in this chapter. For example, you could use the global variable in the CDD at the PU level as follows:
tibco.clientVar.BE_GLOBAL_TRUSTED_CA_STORE=file:///somepath/myGTCAFolder
To Store Trusted Certificates Outside of the Project
1. Create a directory where you want to store the trusted certificates. You must copy this directory to each machine where engines are deployed. Alternatively, the location can be a shared network area accessible by all process engines.
2. Create a global variable named BE_GLOBAL_TRUSTED_CA_STORE. See Working with Global Variables for more information.
3. Set the value of BE_GLOBAL_TRUSTED_CA_STORE to the location of the trusted certificates folder on your file system. The value must be a file URL, for example, file:///c:/tibco/certs. The location can be the same for all deployed engines (that is, you copied it to the same location on each machine or it is a shared network drive). Alternatively, you can change the value of the global variable as needed when you deploy the project.
4. Specify a value in the Trusted Certificates field in the SSL Configuration dialog. When the project runs, the value of BE_GLOBAL_TRUSTED_CA_STORE is used, and not the value you specify in the Trusted Certificates field.
5.
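An added example (not TIBCO code): a Python check for the external folder set up by the steps above. It resolves the file URL from the CDD property, flags the folder or any file in it that is writable by group or others, and returns a SHA-256 manifest that can be compared across the machines the folder was copied to. POSIX permission bits, the function names, and the sample file are assumptions of this example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from urllib.request import url2pathname

VAR = "tibco.clientVar.BE_GLOBAL_TRUSTED_CA_STORE"


def store_path(cdd_line):
    """Turn the CDD property line into a local directory path."""
    key, _, value = cdd_line.strip().partition("=")
    if key != VAR:
        raise ValueError("not a BE_GLOBAL_TRUSTED_CA_STORE setting")
    url = urlparse(value)
    if url.scheme != "file":
        raise ValueError("value must be a file URL")
    return Path(url2pathname(url.path))


def audit_store(cdd_line):
    """Return (findings, manifest) for the external certificate folder."""
    folder = store_path(cdd_line)
    if not folder.is_dir():
        return [f"{folder}: not a directory"], {}
    findings, manifest = [], {}
    for item in [folder, *sorted(folder.iterdir())]:
        mode = item.stat().st_mode
        # Anyone who can write here can change what the engine trusts.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{item}: writable by group or others")
        if item.is_file():
            manifest[item.name] = hashlib.sha256(item.read_bytes()).hexdigest()
    return findings, manifest


def demo():
    """Constructed sample: a temp folder with one placeholder file."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o700)
        cert = Path(tmp, "rootCA.pem")
        cert.write_bytes(b"constructed placeholder, not a real certificate\n")
        os.chmod(cert, 0o666)  # deliberately too permissive
        return audit_store(f"{VAR}={Path(tmp).as_uri()}")


if __name__ == "__main__":
    print(demo())
```

Because the engine loads whatever is in the folder at restart, a manifest that differs between machines or from the last reviewed copy is worth investigating before the next restart.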