Configuring the Credential Authority Service

Configure the credential server before you use the services it offers.

Prerequisites

Ensure that the TIBCO Enterprise Administrator server and the agent are running. Ensure that the agent is registered with the server.

Procedure

  1. Log in to TIBCO Enterprise Administrator.
  2. From the landing page, click the TIBCOSecurityServer card.
  3. Click Credential Authority Service(s).
  4. Click setConfiguration.
  5. Provide the following optional basic details:
    1. commonName: Issuer name of the credential server.
    2. orgUnit
    3. org
    4. city
    5. state
    6. country
    Additionally, provide the following details:
    Property: Description
    serverCertificateValidityPeriod: Required. The validity period for the Credential Authority Service server's own certificate. The validity period is in days.
    clientCertificateValidityPeriod: Required. The validity period for the certificates issued by the Credential Authority Service server. The validity period is in days.
    keySize: Required only if keyStoreLocation is specified. The size of the generated key. The recommended size is 1024.
    keyAlgo: Required only if keyStoreLocation is specified. The key algorithm. The recommended algorithm is RSA.
    keySignAlgo: Required only if keyStoreLocation is specified. The signature algorithm used to sign the request. The recommended algorithm is SHA1WithRSA.
    keyStoreLocation: Optional. Points to the location of the keystore.
    keyStorePassword: Required only if keyStoreLocation is specified.
    keyStoreType: Required only if keyStoreLocation is specified. Some examples of the keystore type are JCEKS, JKS, and PKCS12.
    keyStoreProvider: Optional. Some names of the keyStoreProvider are:
        1. SunJCE (JCEKS format)
        2. SUN (JKS format)
        3. IBMJCE (IBM JREs)
        4. SunJSSE (PKCS12 format)
    keyAlias: Required only if keyStoreLocation is specified.
    keyPassword: Required only if keyStoreLocation is specified.
    hostname: Required. The name of the host.
    portno: Required. The port number that the host listens on. Make sure that the port is available.
    Enable SSL: Optional. Select this option to enable SSL.
  6. Click setConfiguration.
    Note: You can create a credential authority service using the Python scripts available under TIBCO_HOME\tea\agents\tss\<version>\samples\credentialAuthorityService.

Result

After you configure the credential server, it creates the credential store by itself if no keystore is specified in the configuration. If a keystore is specified, the credential server uses that keystore and stores it in the database.
Note: Re-configuring the credential server changes the credential store. As a result, the previously issued certificates get invalidated.
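
Because re-configuring invalidates issued certificates, it helps to check the values before clicking setConfiguration. The following pre-flight check is an added example, not part of the product or its sample scripts: it applies the required and conditionally required rules from the property table and flags key settings below the NIST SP 800-131A floor (RSA keys under 2048 bits, SHA-1 signatures), which includes the documented values 1024 and SHA1WithRSA. The function name, the sample values, and the assumption that the service accepts stronger values are hypothetical.

```python
# Added example: property names come from the table above; thresholds are assumptions.
import re

ALWAYS_REQUIRED = ("serverCertificateValidityPeriod", "clientCertificateValidityPeriod",
                   "hostname", "portno")
# Required only when keyStoreLocation is set, per the property table.
KEYSTORE_REQUIRED = ("keySize", "keyAlgo", "keySignAlgo", "keyStorePassword",
                     "keyStoreType", "keyAlias", "keyPassword")
MIN_RSA_BITS = 2048  # assumption: NIST SP 800-131A minimum, not a value from this page
WEAK_DIGESTS = re.compile(r"^(MD2|MD5|SHA-?1)with", re.IGNORECASE)


def _missing(cfg, names):
    return [n for n in names if cfg.get(n) in (None, "")]


def check_config(cfg):
    """Return (errors, warnings) for a dict of setConfiguration values."""
    errors = [f"{n} is required" for n in _missing(cfg, ALWAYS_REQUIRED)]
    warnings = []
    for name in ("serverCertificateValidityPeriod", "clientCertificateValidityPeriod"):
        value = str(cfg.get(name, ""))
        if value and (not value.isdigit() or int(value) < 1):
            errors.append(f"{name} must be a positive number of days")
    port = str(cfg.get("portno", ""))
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        errors.append("portno must be between 1 and 65535")
    if cfg.get("keyStoreLocation"):
        errors += [f"{n} is required when keyStoreLocation is set"
                   for n in _missing(cfg, KEYSTORE_REQUIRED)]
    size = str(cfg.get("keySize", ""))
    if str(cfg.get("keyAlgo", "")).upper() == "RSA" and size.isdigit() \
            and int(size) < MIN_RSA_BITS:
        warnings.append(f"keySize {size} is below {MIN_RSA_BITS} bits for RSA")
    if WEAK_DIGESTS.match(str(cfg.get("keySignAlgo", ""))):
        warnings.append(f"keySignAlgo {cfg['keySignAlgo']} uses a deprecated digest")
    return errors, warnings


# Constructed sample: the values the table documents, with a keystore but no keyAlias.
SAMPLE = {"serverCertificateValidityPeriod": "365", "clientCertificateValidityPeriod": "90",
          "hostname": "cas.example.internal", "portno": "8443",
          "keyStoreLocation": "/opt/cas/cas.jks", "keyStorePassword": "changeit",
          "keyStoreType": "JKS", "keyPassword": "changeit",
          "keySize": "1024", "keyAlgo": "RSA", "keySignAlgo": "SHA1WithRSA"}

if __name__ == "__main__":
    errs, warns = check_config(SAMPLE)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN:  {w}" for w in warns]:
        print(line)
```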