How to specify the keystore for encrypted export/import sessions?


Article ID: KB0074774


Product: TIBCO Data Virtualization
Versions: 8.0 and later

Description

When you import or export a TIBCO Data Virtualization (TDV) .car file from a command-line session, the login to the SSL-protected TDV service may fail. The error output lists the keystore .jks file that was used, which may reveal that the wrong keystore is in effect, as in this sample error snippet.


--------------------------------------------------------------------------------------------------------
ERROR: Could not login with the following info:
Host: <your TDV hostname>
Port: 9400
Username: admin
Password: XXXXXXX
Domain: composite
Encrypt: true
KeyStore Location: C:\Program Files\TIBCO\TDV Server 8.2\conf\server\security\cis_server_keystore.jks
TrustStore Location: C:\Program Files\TIBCO\TDV Server 8.2\conf\server\security\cis_server_truststore.jks
* KeyStore/TrustStore passwords are encrypted in scripts; you may execute encryption_util program to verify the stored the passwords with the files
--------------------------------------------------------------------------------------------------------

Resolution

The following scripts all call /bin/init_server_keystore_files.sh (or .bat if on Windows):
  • backup_export.sh  (or .bat if on Windows)
  • backup_import.sh  (or .bat if on Windows)
  • pkg_export.sh  (or .bat if on Windows)
  • pkg_import.sh  (or .bat if on Windows)
Whichever of these you are running, you can edit init_server_keystore_files and alter these two lines (shown here in Windows .bat syntax):

set KEYSTORE_FILE=%CONF_INSTALL_DIR%\conf\server\security\cis_server_keystore.jks
set KEYSTORE_PASSWORD=ENC(<your encrypted password>)


KEYSTORE_FILE can be reset to point to the actual .jks file you have in effect for this TDV instance.

KEYSTORE_PASSWORD can be set to the encrypted 'keystorePassword' value that you find in /conf/server/server_values.xml, in this element:

  <common:attribute>
    <common:name>/server/communications/keystorePassword</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>Encrypted:ENC(<your encrypted password string>)</common:value>
  </common:attribute>


This should allow your import/export command to successfully log into the SSL-protected TDV service, if the wrong keystore was in effect before.
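
A drift check for the two settings above, as an added example that is not part of the original article or of TIBCO's tooling: it reads the keystorePassword element from server_values.xml and compares it with the KEYSTORE_PASSWORD line in init_server_keystore_files, reporting a mismatch without printing the value. The sample XML root element, namespace URI and ENC() payloads are constructed, and the .sh assignment syntax is an assumption (the article shows only the .bat form).

```python
import re
import xml.etree.ElementTree as ET

ATTR_NAME = "/server/communications/keystorePassword"  # name given in the article
# Constructed samples: namespace URI, root element and ENC() payloads are placeholders.
SAMPLE_XML = """<common:attributes xmlns:common="urn:example:common">
  <common:attribute>
    <common:name>/server/communications/keystorePassword</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>Encrypted:ENC(c2FtcGxl)</common:value>
  </common:attribute>
</common:attributes>"""
SAMPLE_BAT = r"""set KEYSTORE_FILE=%CONF_INSTALL_DIR%\conf\server\security\cis_server_keystore.jks
set KEYSTORE_PASSWORD=ENC(b2xk)
"""

def keystore_password_from_xml(xml_text):
    """Return keystorePassword as the script-style ENC(...) token (the article's XML
    shows it prefixed with "Encrypted:"), or None if the element is absent."""
    for elem in ET.fromstring(xml_text).iter():
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
        if fields.get("name") == ATTR_NAME:
            m = re.search(r"ENC\(.*\)", fields.get("value", ""))
            return m.group(0) if m else None
    return None

def script_settings(script_text):
    """Collect active KEYSTORE_FILE / KEYSTORE_PASSWORD assignments from the script."""
    # Assumption: .bat uses "set NAME=value"; .sh is taken to be [export] NAME=value.
    pat = re.compile(r"^\s*(?:set\s+|export\s+)?(KEYSTORE_FILE|KEYSTORE_PASSWORD)=(.*)$", re.I)
    found = {}
    for line in script_text.splitlines():
        m = pat.match(line)  # commented-out lines (rem / #) do not match
        if m:
            found[m.group(1).upper()] = m.group(2).strip().strip("\"'")
    return found

def check(xml_text, script_text):
    """Return findings without echoing the secret; an empty list means no drift."""
    expected, settings = keystore_password_from_xml(xml_text), script_settings(script_text)
    findings = []
    if expected is None:
        findings.append("keystorePassword not found in server_values.xml")
    elif settings.get("KEYSTORE_PASSWORD") != expected:
        findings.append("KEYSTORE_PASSWORD differs from server_values.xml")
    if not settings.get("KEYSTORE_FILE"):
        findings.append("KEYSTORE_FILE is not set")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_XML, SAMPLE_BAT))
```

To use it on a real installation, pass the contents of server_values.xml and the init_server_keystore_files script to check() in place of the samples.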
 

Issue/Introduction

This concerns the import and export of TDV .car files in an encrypted session.