Configuring a Certificate

You can modify specific parameters in the config.txt file to use an SSL certificate.

Prerequisites

Before modifying the config.txt file, ensure that you have received a certificate from your certificate authority.

Procedure

  1. On the command line, navigate to the $CFROOT/config directory.
  2. Open the config.txt file by using any text editor.
  3. Navigate to the SSL Communication Additional Parameters part in both the SERVER and CLIENT sections.
  4. Configure the following parameters according to your certificate:
    • CertificateFileName
    • PrivateKeyFileName
    • PrivateKeyPwdFileName
    • TrustedAuthorityFileName
    The following is an example of the SSL Communication Additional Parameters part in the SERVER section:
    # SSL Communication Additional Parameters.  
    SSLPort:                  56565 
    SSLPortIPv6:              N                                  { N, IPv6 Port }
    TunnelPort:               58585
    TunnelPortIPv6:           N                                  { N, IPv6 Port }
    ClientVerification:       N                                          { N, Y }
    CertificateFileName:      /mftps/certs/cert.test	 
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all 
    AuthorizationFileName:    N                                   { N, FileName }
    SSLTraceLevel:            N                                          { N, Y } 
    SSLTracePath:             /mftps/trace/SSLResponder               { N, Path }      
    CheckCRL:                 N                                          { N, Y }
    CAPath:                                                            
    SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2      { TLSV1,TLSV1.1,TLSV1.2}
    Ciphers:                  HIGH                        { openssl_cipher_list } 
    
    The following is an example of the SSL Communication Additional Parameters part in the CLIENT section:
    # SSL Communication. Additional Parameters. 
    CertificateFileName:      /mftps/certs/cert.test	 
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all
    SSLTraceLevel:            N                                          { N, Y } 
    SSLTracePath:             /mftps/trace/SSLInitiator               { N, Path }                                        
    CheckCRL:                 N                                          { N, Y }
    CAPath:                                                            
    SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2     { TLSV1,TLSV1.1,TLSV1.2 }
    Ciphers:                  HIGH                        { openssl_cipher_list }
    
  5. To make the changed config.txt file effective for responder requests, restart TIBCO MFT Platform Server. The changed config.txt is immediately effective for initiator (that is, cfsend and cfrecv) requests.
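
The following pre-restart check is an added example, not part of the product or its documentation. It parses the "Name: value { options }" lines of one section, confirms that the four certificate files exist, and flags private key or password files that are accessible to group or other, as well as TLS 1.0/1.1 in SSLEnabledProtocols. The function names, the owner-only permission policy, and the check on one section's text at a time are assumptions of this example.

```python
import os
import re
import stat

FILE_PARAMS = ("CertificateFileName", "PrivateKeyFileName",
               "PrivateKeyPwdFileName", "TrustedAuthorityFileName")
SECRET_PARAMS = ("PrivateKeyFileName", "PrivateKeyPwdFileName")
LEGACY_PROTOCOLS = {"TLSV1", "TLSV1.1"}  # TLS 1.0/1.1, deprecated by RFC 8996

# Abridged from the SERVER example on this page.
SAMPLE = """\
# SSL Communication Additional Parameters.
SSLPortIPv6:              N                                  { N, IPv6 Port }
CertificateFileName:      /mftps/certs/cert.test
PrivateKeyFileName:       /mftps/certs/privatekey.test
PrivateKeyPwdFileName:    /mftps/certs/passwordfile
TrustedAuthorityFileName: /mftps/certs/certauth.all
SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2      { TLSV1,TLSV1.1,TLSV1.2}
"""

def parse_params(text):
    """Return {name: value} from 'Name: value { options }' lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if sep:
            # Drop the trailing '{ allowed values }' hint, keep the value.
            params[name.strip()] = re.sub(r"\{.*\}\s*$", "", rest).strip()
    return params

def check_params(params):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name in FILE_PARAMS:
        path = params.get(name, "")
        if not os.path.isfile(path):
            findings.append(f"{name}: '{path}' is not an existing file")
        elif name in SECRET_PARAMS and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{name}: {path} is accessible to group or other")
    enabled = {p.strip().upper() for p in params.get("SSLEnabledProtocols", "").split(",")}
    legacy = sorted(enabled & LEGACY_PROTOCOLS)
    if legacy:
        findings.append("SSLEnabledProtocols: legacy " + ",".join(legacy) + " enabled")
    return findings

if __name__ == "__main__":
    for finding in check_params(parse_params(SAMPLE)):
        print(finding)
```

Run it against the SERVER part and the CLIENT part separately, because each section carries its own copy of the four file parameters.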