Enabling SSL for TIBCO Order Management

    Procedure
  1. Go to the JAVA_11_HOME\bin directory and run the following commands:
    C:\jdk11\bin>keytool -genkey -alias om -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keystore om.pkcs12 -storepass tibco123 -ext san=dns:configurator-svc.default.svc.cluster.local,dns:authorization-svc.default.svc.cluster.local,dns:ope-svc.default.svc.cluster.local,dns:localhost,dns:orchestrator-svc.default.svc.cluster.local,dns:aopd-svc.default.svc.cluster.local,dns:archival-svc.default.svc.cluster.local,dns:pc-svc.default.svc.cluster.local,dns:jeopardy-svc.default.svc.cluster.local
    What is your first and last name?
      [Unknown]:  om-auth.test
    What is the name of your organizational unit?
      [Unknown]:  tibco
    What is the name of your organization?
      [Unknown]:  tibco
    What is the name of your City or Locality?
      [Unknown]:  Pune
    What is the name of your State or Province?
      [Unknown]:  Maharashtra
    What is the two-letter country code for this unit?
      [Unknown]:  IN
    Is CN=om-auth.test, OU=tibco, O=tibco, L=Pune, ST=Maharashtra, C=IN correct?
      [no]:  Yes
      
      
    C:\jdk11\bin>keytool -export -alias om -file om123.crt -keystore om.pkcs12
      
    C:\jdk11\bin>keytool -import -alias om2 -file om123.crt -cacerts
    (cacerts trust store password: changeit)
     
  2. Copy the om.pkcs12 file from the JAVA_HOME\bin directory and the cacerts file from the JAVA_HOME\lib\security directory to the base/1.0 directory, and modify the base Dockerfile accordingly.
    Example: copy om.pkcs12 and cacerts to /home/tibuser/tibco/om/5.1
  3. In the Dockerfile for the Order Management services, modify the entrypoint as follows:
    ENTRYPOINT ["sh","-c", "/home/tibuser/tibco/om/5.1/configurator/standalone/bin/start.sh -Djavax.net.ssl.trustStore=/home/tibuser/tibco/om/5.1/cacerts -Djavax.net.ssl.trustStorePassword=changeit --run=FG"]
  4. Create docker images for all Order Management services.
  5. In the Helm chart, modify the values.yaml file as follows:
    1. Add the following properties:
        server_ssl_key_alias: om
        server_ssl_key_store_password: tibco123
        server_ssl_key_store: /home/tibuser/tibco/om/5.1/om.pkcs12
      
    2. Update the following properties:
        authorizationServiceTokenEndPoint: https://authorization-svc.default.svc.cluster.local:9091/oauth/token
        configuratorServiceUrl: https://configurator-svc.default.svc.cluster.local:9090
        orderArchivalserviceUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order/archival
        orderOrchAmendOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/amend
        orderOrchSuspendOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order/suspend
        orderOrchActivateOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order/activate
        orderOrchCancelOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order/cancel
        orderOrchWithdrawOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order
        orderOrchBulkActionUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/orders/bulkaction
        orderOrchPlanPreviewUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/planPreview
        orderPurgeOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order/purgeOrder
        orderErrorHandlerreplyUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/planitem/errorHandlerreply
        orderBulkErrorHandlerreplyUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/planitem/bulkErrorHandlerreply
        aopdGeneratePlanResourceURL: https://aopd-svc.default.svc.cluster.local:9094/v1/generatePlan
        aopdAmendPlanResourceURL: https://aopd-svc.default.svc.cluster.local:9094/v1/plan/amend
        pcResourceExecuteRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/planitem/executionrequest
        pcResourceSuspendRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/planitem/suspendrequest
        pcResourceActivateRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/planitem/activaterequest
        pcResourceExtErrorHanlderRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/planitem/errorhandlerrequest
        feasibleRequestPathRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/feasibility
        pqfRequestPathRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/pqf
        pcResourceMileReleaseRequestURL: https://pc-svc.default.svc.cluster.local:9089/v1/planitem/milestonerelease
        archivalGetOrderDetailsURL: https://archival-svc.default.svc.cluster.local:9099/v1/ordersByCriteria
        omServerOrderUrl: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order
        omServerWithdrawOrderPath: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order
        omServerOrderDetailsPath: https://orchestrator-svc.default.svc.cluster.local:9093/v1/order
        orchURL: https://orchestrator-svc.default.svc.cluster.local:9093
      
    3. Change the scheme for each application to HTTPS.
      Example: in the configurator application:
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /management/ready
            port: 9090
            scheme: HTTPS
          periodSeconds: 300
          successThreshold: 1
          timeoutSeconds: 3
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /management/health
            port: 9090
            scheme: HTTPS
          periodSeconds: 300
          successThreshold: 1
          timeoutSeconds: 3
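
The URLs set in step 5.2 are only usable if each host in them appears in the SAN list passed to keytool in step 1, because an HTTPS client that verifies host names rejects a certificate whose SANs do not include the host it connected to. The following is an added example, not TIBCO code, that checks a values.yaml fragment against that SAN list. The input is a constructed sample, the two example* keys are hypothetical, and the parser assumes flat `key: url` lines as shown in step 5.2.

```python
import re
from urllib.parse import urlsplit

# SAN entries copied from the -ext san=... argument of the keytool command in step 1.
SAN_EXT = (
    "dns:configurator-svc.default.svc.cluster.local,dns:authorization-svc.default.svc.cluster.local,"
    "dns:ope-svc.default.svc.cluster.local,dns:localhost,dns:orchestrator-svc.default.svc.cluster.local,"
    "dns:aopd-svc.default.svc.cluster.local,dns:archival-svc.default.svc.cluster.local,"
    "dns:pc-svc.default.svc.cluster.local,dns:jeopardy-svc.default.svc.cluster.local"
)

# Constructed sample: three step 5.2 properties plus two hypothetical bad example* entries.
SAMPLE_VALUES = """\
authorizationServiceTokenEndPoint: https://authorization-svc.default.svc.cluster.local:9091/oauth/token
configuratorServiceUrl: https://configurator-svc.default.svc.cluster.local:9090
orchURL: https://orchestrator-svc.default.svc.cluster.local:9093
exampleLeftoverHttpUrl: http://pc-svc.default.svc.cluster.local:9089/v1/pqf
exampleOtherNamespaceUrl: https://archival-svc.prod.svc.cluster.local:9099/v1/ordersByCriteria
"""

# Assumption: properties are flat "key: url" lines, as values.yaml is shown in step 5.2.
URL_LINE = re.compile(r"^\s*([\w.-]+):\s*(https?://\S+)\s*$")


def parse_sans(ext):
    """Return the lower-cased DNS names from a keytool 'san=' value."""
    pairs = (entry.strip().partition(":") for entry in ext.split(","))
    return {value.lower() for kind, _, value in pairs if kind.lower() == "dns" and value}


def audit(values_text, sans):
    """Return (key, problem) pairs for URL properties that would fail over TLS."""
    findings = []
    for line in values_text.splitlines():
        m = URL_LINE.match(line)
        if not m:
            continue
        key, url = m.group(1), urlsplit(m.group(2))
        if url.scheme != "https":
            findings.append((key, "scheme is not https"))
        elif (url.hostname or "") not in sans:  # exact match: the SAN list has no wildcards
            findings.append((key, "host not in certificate SANs: %s" % url.hostname))
    return findings


if __name__ == "__main__":
    for key, problem in audit(SAMPLE_VALUES, parse_sans(SAN_EXT)):
        print(key + ": " + problem)
```

An empty result from `audit` means every URL property uses HTTPS and names a host the certificate covers.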