Running a Secure Backup or Satellite Realm Server

Backup and satellite realm servers must trust the primary realm server. An affiliated realm server can use either the same keystore password as the primary, or a separate password.

Prerequisites

The primary secure realm server must have already generated its trust file.

Procedure

  1. Copy the trust file generated by the primary realm server and place it on the file system of the affiliated realm server.
  2. When starting the affiliated realm server, supply the trust file path:
    Option                       Description
    Command Line                 --tls.trust.file file_path
    Configuration File Property  com.tibco.tibrealmserver.tls.trust.file file_path
  3. When starting the realm server process, supply a command line parameter or configuration file property to specify that the realm server uses TLS security:
    Option                       Description
    Command Line                 --secure password
    Configuration File Property  com.tibco.tibrealmserver.secure password
    Supply the keystore file password as the value of this parameter or property. The realm server uses this password argument to encrypt and decrypt its keystore file. For information on the form of the password argument, see Keystore File Password Security.
    If the realm server finds TLS data files that it had generated earlier, it uses the password to decrypt the keystore file.

    If it cannot access the data files, or it cannot decrypt the keystore file, then it generates new TLS data files, and uses the password to encrypt the new keystore file. The newly generated data files replace any existing data files.
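
A pre-start check for the trust file copied in step 1, given as an added example that is not part of the product documentation. It assumes that the SHA-256 digest of the primary's trust file was recorded on the primary host and transferred separately from the file; the function names and paths are hypothetical. A mismatch also catches the case where the primary has since regenerated its TLS data files and the copy is stale.

```shell
#!/bin/sh
# Added example: verify the copied trust file before starting the
# affiliated realm server. Not TIBCO code; function names are hypothetical.
# Assumption: the expected digest was taken on the primary host and
# carried over by a channel separate from the trust file itself.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as fallback).
trust_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | cut -d' ' -f1
    else
        shasum -a 256 -- "$1" | cut -d' ' -f1
    fi
}

# verify_trust_copy FILE EXPECTED_SHA256
# Returns 0 only if FILE is a non-empty regular file, is not writable by
# group or others, and matches the digest taken on the primary.
# Return codes: 1 missing/empty, 2 loose permissions, 3 digest mismatch.
verify_trust_copy() {
    file=$1
    expected=$2
    if [ ! -f "$file" ] || [ ! -s "$file" ]; then
        echo "trust file missing or empty: $file" >&2
        return 1
    fi
    # First ten characters of ls -l output are the type and mode bits;
    # character 6 is group write, character 9 is other write.
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case $mode in
        ?????w????|????????w?)
            echo "trust file is group/world writable ($mode)" >&2
            return 2 ;;
    esac
    actual=$(trust_digest "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: copy is altered or stale" >&2
        return 3
    fi
    return 0
}

# Usage before step 2 (placeholder path and variable):
#   verify_trust_copy /path/to/trust_file "$PRIMARY_SHA256" || exit 1
#   then start the affiliated server with --tls.trust.file /path/to/trust_file
```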