Configuring On Premise SSL for TIBCO Order Management
- Procedure
- Go to the JAVA_11_HOME\bin directory and run the following commands:

      keytool -genkey -alias om -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keystore om.pkcs12 -storepass tibco123 -ext san=ip:10.x.x.x,dns:localhost,ip:127.0.0.1
      What is your first and last name?
        [Unknown]:  om-auth.test
      What is the name of your organizational unit?
        [Unknown]:  tibco
      What is the name of your organization?
        [Unknown]:  tibco
      What is the name of your City or Locality?
        [Unknown]:  Pune
      What is the name of your State or Province?
        [Unknown]:  Maharashtra
      What is the two-letter country code for this unit?
        [Unknown]:  IN
      Is CN=om-auth.test, OU=tibco, O=tibco, L=Pune, ST=Maharashtra, C=IN correct?
        [no]:  Yes

      keytool -export -alias om -file om123.crt -keystore om.pkcs12
      keytool -import -v -trustcacerts -alias om2 -file om123.crt -keystore cacerts.pkcs12 -keypass changeit

  When prompted, provide the password as 'changeit'.
- Copy the cacerts.pkcs12 and om.pkcs12 files from the <JAVA_HOME>/bin directory to a location (such as /home/OM_510HF8/tibco/om/5.1/ssl) on the VM where Order Management is installed.
- For the authorization service and Configurator, modify the following properties in the application.properties file inside the config directory:

      server.ssl.key-alias=om
      server.ssl.key-store-password=tibco123
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12

  Note: TIBCO Order Management supports passwords in text format and also in encrypted format, as shown in the following example:

      server.ssl.key-alias=om
      server.ssl.key-store-password=ENC(cfMrxokzKTm3zJJLpDW7Jg==)
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12

  For password encryption, use the EncryptPWDUtility from the $OM_HOME/samples directory.
- Run the ./start.sh script to start the authorization service and configurator.
- Create the required users in the authorization service. For more information, see the "Create User" section in the TIBCO® Order Management Administration.
- For the configurator UI, modify the following properties in the application.properties file inside the config directory, and then run the ./start.sh script to start the configurator UI:

      server.ssl.key-alias=om
      server.ssl.key-store-password=tibco123
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12
      configuratorTrustStoreAbsoluteFilePath=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      configuratorTrustStorePassword=changeit
      configuratorTrustStoreType=pkcs12

  Note: TIBCO Order Management supports passwords in text format and also in encrypted format, as shown in the following example:

      server.ssl.key-alias=om
      server.ssl.key-store-password=ENC(cfMrxokzKTm3zJJLpDW7Jg==)
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12
      configuratorTrustStoreAbsoluteFilePath=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      configuratorTrustStorePassword=ENC(Eae+k4PPZW0C8AfVsmzCag==)
      configuratorTrustStoreType=pkcs12

  For password encryption, use the EncryptPWDUtility from the $OM_HOME/samples directory.
- For all the other services, modify the following properties in the application.properties file inside the config directory, and then run the ./start.sh script to start the services:

      server.ssl.key-alias=om
      server.ssl.key-store-password=tibco123
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12
      configuratorTrustStoreAbsoluteFilePath=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      configuratorTrustStorePassword=changeit
      configuratorTrustStoreType=pkcs12
      javax.net.ssl.trustStore=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      javax.net.ssl.trustStorePassword=changeit

  Note: TIBCO Order Management supports passwords in text format and also in encrypted format, as shown in the following example:

      server.ssl.key-alias=om
      server.ssl.key-store-password=ENC(cfMrxokzKTm3zJJLpDW7Jg==)
      server.ssl.key-store=/home/OM_510HF8/tibco/om/5.1/ssl/om.pkcs12
      configuratorTrustStoreAbsoluteFilePath=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      configuratorTrustStorePassword=ENC(Eae+k4PPZW0C8AfVsmzCag==)
      configuratorTrustStoreType=pkcs12
      javax.net.ssl.trustStore=/home/OM_510HF8/tibco/om/5.1/ssl/cacerts.pkcs12
      javax.net.ssl.trustStorePassword=ENC(Eae+k4PPZW0C8AfVsmzCag==)

  For password encryption, use the EncryptPWDUtility from the $OM_HOME/samples directory.

  Change the configuratorServiceUrl and authorizationServiceTokenEndPoint from "http://*.*" to "https://*.*" wherever applicable.
- Modify the app_properties file in the $OM_HOME/seed-data/app-properties directory for the following properties (also the minimum configurations required by users):
- For AOPD service:
  - Under 'Orchestrator Configuration':

        "propName": "orchestratorBaseUrl" = "propValue": "https://localhost:9093"

  - Under 'AOPD Inventory Integration Configurations':

        "propName": "com.tibco.fom.oms.afi.aopd.merge.inventory.url" = "propValue": "https://localhost:8080/fsi-server/soapapi/v1/service"

- For Archival service, under 'Orchestrator Configuration':

      "propName": "orderArchivalserviceUrl" = "propValue": "https://localhost:9093/v1/order/archival"
      "propName": "orderOrchAmendOrderUrl" = "propValue": "https://localhost:9093/v1/amend"
      "propName": "orderOrchSuspendOrderUrl" = "propValue": "https://localhost:9093/v1/order/suspend"
      "propName": "orderOrchActivateOrderUrl" = "propValue": "https://localhost:9093/v1/order/activate"
      "propName": "orderOrchCancelOrderUrl" = "propValue": "https://localhost:9093/v1/order/cancel"
      "propName": "orderOrchWithdrawOrderUrl" = "propValue": "https://localhost:9093/v1/order"
      "propName": "orderOrchBulkActionUrl" = "propValue": "https://localhost:9093/v1/orders/bulkaction"
      "propName": "orderOrchPlanPreviewUrl" = "propValue": "https://localhost:9093/v1/planPreview"
      "propName": "orderPurgeOrderUrl" = "propValue": "https://localhost:9093/v1/order/purgeOrder"
      "propName": "orderErrorHandlerreplyUrl" = "propValue": "https://localhost:9093/v1/planitem/errorHandlerreply"
      "propName": "orderBulkErrorHandlerreplyUrl" = "propValue": "https://localhost:9093/v1/planitem/bulkErrorHandlerreply"
      "propName": "orderDetailsUrl" = "propValue": "https://localhost:9093/v1/order"
      "propName": "orderExecutionPlanUrl" = "propValue": "https://localhost:9093/v1/order/plan"
      "propName": "orderScxmlUrl" = "propValue": "https://localhost:9093/v1/order/scxml"

- For Catalog service, there are no changes.
- For Common service:
  - Under 'Authorization Server Configuration Properties Used for Swagger UI' category:

        "propName": "authorizationServiceTokenEndPoint" = "propValue": "https://localhost:9091/oauth/token"

  - Under 'Resource and Service Level Metrics' category:

        "propName": "management.metrics.export.elastic.host" = "propValue": "https://localhost:9200"

- For Data service, there are no changes.
- For Jeopardy service, there are no changes.
- For OMSUI service, under 'OMS UI Engine Configuration' category:

      "propName": "com.tibco.af.omsui.httpChannelType" = "propValue": "https"

- For Orch service:
  - Under 'Aopd Configurations':

        "propName": "aopdBaseUrl" = "propValue": "https://localhost:9094"

  - Under 'categoryName: Process-Component Configurations':

        "propName": "pcResourceExecuteRequestURL" = "propValue": "https://localhost:9089/v1/planitem/executionrequest"
        "propName": "pcResourceSuspendRequestURL" = "propValue": "https://localhost:9089/v1/planitem/suspendrequest"
        "propName": "pcResourceActivateRequestURL" = "propValue": "https://localhost:9089/v1/planitem/activaterequest"
        "propName": "pcResourceExtErrorHanlderRequestURL" = "propValue": "https://localhost:9089/v1/planitem/errorhandlerrequest"
        "propName": "feasibleRequestPathRequestURL" = "propValue": "https://localhost:9089/v1/feasibility"
        "propName": "pqfRequestPathRequestURL" = "propValue": "https://localhost:9089/v1/pqf"
        "propName": "pcResourceMileReleaseRequestURL" = "propValue": "https://localhost:9089/v1/planitem/milestonerelease"
        "propName": "pcResourceOpdErrorHandlerRequestURL" = "propValue": "https://localhost:9089/v1/plan/opdErrorHandlerRequest"

  - Under 'Category Archival Service Configurations':

        "propName": "archivalGetOrderDetailsURL" = "propValue": "https://localhost:9099/v1/ordersByCriteria"

  - Under 'Category Migration Service Configurations':

        "propName": "migrationURL" = "propValue": "https://localhost:9100/v1/migration/order"

  - Under 'Category OPE Configuration':

        "propName": "opeOfferValidationSecureURL" = "propValue": "https://localhost:8181/opes/api/v1/offers/validate"
        "propName": "opeOfferValidationNonSecureURL" = "propValue": "https://localhost:9090/opes/api/v1/offers/validate"
        "propName": "opeGetAuthTokenURL" = "propValue": "https://localhost:8181/login"

- For TMF-OM-Adapter service, under 'Category Orchestrator Service Configuration':

      "propName": "omServerOrderUrl" = "propValue": "https://localhost:9093/v1/order"
      "propName": "omServerWithdrawOrderPath" = "propValue": "https://localhost:9093/v1/order"
      "propName": "omServerOrderDetailsPath" = "propValue": "https://localhost:9093/v1/order"
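
As an added example (not part of the TIBCO documentation or product), the following shell function checks one service's application.properties against the steps above: it reports password properties left in clear text instead of ENC(...), keystore or truststore paths that are not readable, the two service URLs still on http, and missing server.ssl.* keys. The finding labels and the sample file, including the configurator host name, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not TIBCO code. Prints one finding per line for a service's
# config/application.properties; prints nothing when the file is consistent.
audit_om_ssl_props() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # blank line or comment
            *=*) ;;                       # key=value, checked below
            *) continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        seen="$seen$key "
        case $key in
            *[Pp]assword)                 # secret not wrapped in ENC(...)
                case $val in
                    'ENC('*')') ;;
                    *) echo "PLAINTEXT $key" ;;
                esac ;;
            server.ssl.key-store|configuratorTrustStoreAbsoluteFilePath|javax.net.ssl.trustStore)
                [ -r "$val" ] || echo "UNREADABLE $key" ;;
            configuratorServiceUrl|authorizationServiceTokenEndPoint)
                case $val in
                    http://*) echo "HTTP $key" ;;
                esac ;;
        esac
    done < "$1"
    for req in server.ssl.key-alias server.ssl.key-store-password server.ssl.key-store; do
        case $seen in
            *" $req "*) ;;
            *) echo "MISSING $req" ;;
        esac
    done
}

# Constructed sample: clear-text keystore password, key alias omitted, one
# endpoint left on http, keystore path pointing at a file that does not exist.
sample_dir=$(mktemp -d)
cat > "$sample_dir/application.properties" <<EOF
server.ssl.key-store-password=tibco123
server.ssl.key-store=$sample_dir/om.pkcs12
configuratorTrustStorePassword=ENC(Eae+k4PPZW0C8AfVsmzCag==)
configuratorServiceUrl=http://configurator.example.test/
authorizationServiceTokenEndPoint=https://localhost:9091/oauth/token
EOF
audit_om_ssl_props "$sample_dir/application.properties"
```

Run it against each service's config directory before ./start.sh; an empty result means the file matches the encrypted-password form of the steps above.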