SSL Configuration on the TIBCO Enterprise Administrator: An Overview

The TIBCO Enterprise Administrator supports both one-way (server-side) and two-way (server-side as well as client-side) SSL authentication. You can configure SSL between the web browser and the TIBCO Enterprise Administrator as well as between the TIBCO Enterprise Administrator and the Agent.

  • One-way Authentication - This is also known as server-side authentication. For this type of authentication, the HttpClient residing in one application authenticates the HttpServer residing in another application. The HttpServer is not required to authenticate the HttpClient. On TIBCO Enterprise Administrator, this would mean:
    • The HttpClient residing on the TIBCO Enterprise Administrator server verifies the HttpServer residing on the Agent

      AND

    • The HttpClient residing on the Agent verifies the HttpServer residing on the TIBCO Enterprise Administrator server

So, the HttpServers residing on both the TIBCO Enterprise Administrator server and the Agent simply trust each other's HttpClients without verifying them.

  • Two-way Authentication - In addition to the server-side authentication used for one-way authentication, two-way authentication requires client-side authentication too. On TIBCO Enterprise Administrator, that would mean ALL of the following need to happen:
    • The HttpClient residing on the TIBCO Enterprise Administrator server verifies the HttpServer residing on the Agent
    • The HttpClient residing on the Agent verifies the HttpServer residing on the TIBCO Enterprise Administrator server
    • The HttpServer residing on the TIBCO Enterprise Administrator server verifies the HttpClient residing on the Agent
    • The HttpServer residing on the Agent verifies the HttpClient residing on the TIBCO Enterprise Administrator server

Note: Earlier versions of TIBCO Enterprise Administrator supported only one-way authentication. TIBCO Enterprise Administrator 1.3.0 and above support two-way authentication. However, you always have the option to implement one-way authentication alone.

In TIBCO Enterprise Administrator, the web browser (which you use to run the TIBCO Enterprise Administrator web UI) is a client to the TIBCO Enterprise Administrator server. The TIBCO Enterprise Administrator server, on the other hand, acts as a client to the Agent when it makes a request to the Agent, but acts as a server to the Agent when the Agent requests some information from it. Similarly, the Agent acts as a server to the TIBCO Enterprise Administrator server when fulfilling a request from the TIBCO Enterprise Administrator server, but acts as a client to the TIBCO Enterprise Administrator server when making a request to it (such as when getting itself registered with the TIBCO Enterprise Administrator server).
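
The difference between one-way and two-way authentication can be observed on a single request direction (the TEA server's HttpClient connecting to the Agent's HttpServer). This is an added Go example, not TIBCO code or configuration, with Go's crypto/tls standing in for the product's HttpServer and HttpClient. The names `identity`, `Handshake`, `agent` and `tea`, the self-signed certificates generated at run time and the loopback listener are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// identity makes a throwaway self-signed cert (constructed sample) and a pool trusting only it.
func identity(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

var agent, agentTrust = identity("agent") // identity of the Agent's HttpServer (hypothetical)
var tea, teaTrust = identity("tea")       // identity of the TEA server's HttpClient (hypothetical)
// Handshake returns what the Agent's HttpServer sees when the TEA server's HttpClient connects.
func Handshake(auth tls.ClientAuthType, clientCerts ...tls.Certificate) error {
	srv := &tls.Config{Certificates: []tls.Certificate{agent}, ClientCAs: teaTrust, ClientAuth: auth}
	cli := &tls.Config{RootCAs: agentTrust, ServerName: "agent", Certificates: clientCerts}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := tls.Dial("tcp", ln.Addr().String(), cli); err == nil {
			c.Read(make([]byte, 1)) // hold the connection until the server decides
			c.Close()
		}
	}()
	conn, err := ln.Accept()
	if err != nil {
		return err
	}
	defer conn.Close()
	return conn.(*tls.Conn).Handshake()
}

func main() { fmt.Println(Handshake(tls.RequireAndVerifyClientCert)) } // no client cert: rejected
```

`tls.NoClientCert` corresponds to one-way authentication and `tls.RequireAndVerifyClientCert` to two-way. In a two-way setup the same check also applies in the reverse direction, where the Agent's HttpClient connects to the TEA server's HttpServer.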

The following diagram shows a high-level overview of authentication in a two-way authentication setup:
[Figure: Two-way Authentication (SSL Mutual Authentication)]