How to configure and use Python deployment scripts when SSL is enabled for TIBCO Enterprise Administrator (TEA) Server and TIBCO BusinessEvents Enterprise Administrator Agent Connection
Article ID: KB0073923
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessEvents Enterprise Edition | 5.x/6.x |
Description
Steps to configure SSL TEA-Server and execute python deployment scripts to perform same actions that can be done on TEA UI.
Environment
All Operating Systems
Resolution
1. Create cert files
Sample scripts for Windows included in attachment, folder "01-CreateCerts"
Update "00setEnv.bat" to modify settings
- Generate keystore and truststore
- Convert jceks keystore to pkcs12 keystore
- Convert .p12 to .pem using openssl with encrypted PEM password
2. Copy cert files to a specific folder (e.g., D:/tibco/tea/tea/certs/localhost)
3. Update TEA server conf file tea.conf (location configured in file: TEA_SERVERHOME/bin/tea.tra, property tibco.env.TEA_CONFIG_HOME)
tea.http.keystore="D:/tibco/tea/tea/certs/localhost/httpserversslkeys.jceks"
tea.http.truststore="D:/tibco/tea/tea/certs/localhost/httpserverssltrusts.jceks"
tea.http.keystore-password=password
tea.http.truststore-password=password
tea.http.key-manager-password=password
tea.http.cert-alias=httpserver
tea.http.want.client.auth=false
tea.http.need.client.auth=false
tea.server.includeCipherSuites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
tea.server.excludeCipherSuites="^.*_(MD5|SHA|SHA1)$"
4. Start TEA-Server
5. Update URL in BE_HOME/teagent/config/be-teagent.props, e.g.: be.tea.server.url=https:/localhost:8777/tea
6. Start BE-TEA-Agent
7. Login to TEA-Server (browser URL, e.g.: https:/localhost:8777/tea) and add a machine to the BE-TEA-Agent
Note:
If required you can add the machine with python script command as well.
python applicationsMgmt.py addmachine -m <MACHINENAME> -i <IPADDRESS> -o <{"windows", "unix", "os-x"}> -b <BE_HOME> –t <BETRA> -u <USER> -p <PWD> -s=<SSHPORT> -f <DEPLOYMENTPATH> -abh <ADDBEHOME>
8. Execute Python deployment scripts to deploy and start BE application
Sample scripts (Windows) included in attachement, folder "02-PerformBE_Delployment"
Before start the script update environment settings in setEnv.bat and the settings for the Instance1 (MACHINE1 and JMXPort1).
Note:
Paramter -sc <SERVER_PEM_FILE> only added as a parameter because both tea.http.want.client.auth and tea.http.need.client.auth both set to false in TEA-Server configuration (one way authentication
Sample scripts for Windows included in attachment, folder "01-CreateCerts"
Update "00setEnv.bat" to modify settings
- Generate keystore and truststore
- Convert jceks keystore to pkcs12 keystore
- Convert .p12 to .pem using openssl with encrypted PEM password
2. Copy cert files to a specific folder (e.g., D:/tibco/tea/tea/certs/localhost)
3. Update TEA server conf file tea.conf (location configured in file: TEA_SERVERHOME/bin/tea.tra, property tibco.env.TEA_CONFIG_HOME)
tea.http.keystore="D:/tibco/tea/tea/certs/localhost/httpserversslkeys.jceks"
tea.http.truststore="D:/tibco/tea/tea/certs/localhost/httpserverssltrusts.jceks"
tea.http.keystore-password=password
tea.http.truststore-password=password
tea.http.key-manager-password=password
tea.http.cert-alias=httpserver
tea.http.want.client.auth=false
tea.http.need.client.auth=false
tea.server.includeCipherSuites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
tea.server.excludeCipherSuites="^.*_(MD5|SHA|SHA1)$"
4. Start TEA-Server
5. Update URL in BE_HOME/teagent/config/be-teagent.props, e.g.: be.tea.server.url=https:/localhost:8777/tea
6. Start BE-TEA-Agent
7. Login to TEA-Server (browser URL, e.g.: https:/localhost:8777/tea) and add a machine to the BE-TEA-Agent
Note:
If required you can add the machine with python script command as well.
python applicationsMgmt.py addmachine -m <MACHINENAME> -i <IPADDRESS> -o <{"windows", "unix", "os-x"}> -b <BE_HOME> –t <BETRA> -u <USER> -p <PWD> -s=<SSHPORT> -f <DEPLOYMENTPATH> -abh <ADDBEHOME>
8. Execute Python deployment scripts to deploy and start BE application
Sample scripts (Windows) included in attachement, folder "02-PerformBE_Delployment"
Before start the script update environment settings in setEnv.bat and the settings for the Instance1 (MACHINE1 and JMXPort1).
Note:
Paramter -sc <SERVER_PEM_FILE> only added as a parameter because both tea.http.want.client.auth and tea.http.need.client.auth both set to false in TEA-Server configuration (one way authentication
Issue/Introduction
How to configure and use Python deployment scripts when SSL is enabled for TIBCO Enterprise Administrator (TEA) Server and TIBCO BusinessEvents Enterprise Administrator Agent Connection
Feedback
Yes
No
Powered by
