Set the below properties to enable  SSL on TIBCO Enterprise Administrator(TEA) Enterprise Messaging Service(EMS) agent
1. Modify tea server url in the ems-agent.conf file
****************ems-agent.conf*************
# TEA server URL
ems.teaserver.url=https://localhost:8777/tea
*************************************************

2. Properties that needs to be configured on the TEA side
********************** tea.conf********************

tea.http.keystore 
tea.http.keystore-password 
tea.http.truststore 
tea.http.truststore-password 
tea.http.cert-alias 
tea.http.key-manager-password 
tea.http.want.client.auth
tea.http.need.client.auth 
tea.http.client.keystore
tea.http.client.keystore-password
tea.http.client.truststore
tea.http.client.truststore-password
tea.http.client.cert-alias
tea.http.client.key-manager-password
**********************************************************

3. Properties that needs to be configured on the agent side
***********************************ems-agent.tra*****************************
java.extended.properties=-Dtea.agent.http.keystore
-Dtea.agent.http.truststore
-Dtea.agent.http.keystore.password
-Dtea.agent.http.truststore.password 
-Dtea.agent.http.keymanager.password 
-Dtea.agent.http.cert-alias 
-Dtea.agent.http.want.client.auth 
-Dtea.agent.http.need.client.auth 
-Dtea.agent.http.client.keystore 
-Dtea.agent.http.client.truststore 
-Dtea.agent.http.client.keystore.password 
-Dtea.agent.http.client.truststore.password 
-Dtea.agent.http.client.keymanager.password 
-Dtea.agent.http.client.cert-alias
********************************************************

4. Start the TEA server and the ems agent.

5. Manually register the EMS agent in the TEA UI. URL with default port - https://localhost:8077/ems

#Note:  Although example show configuration for EMS agent this solution can also be used for  2-way SSL between:

• TIBCO Enterprise Administrator(TEA)  ⇔ BusinessWorks(BW) agent.

• TIBCO Enterprise Administrator(TEA)  ⇔ Hawk agent.