How to configure SSL with one studio truststore file to multiple servers in TIBCO Data Virtualization?

How to configure SSL with one studio truststore file to multiple servers in TIBCO Data Virtualization?

book

Article ID: KB0073126

calendar_today

Updated On:

Products Versions
TIBCO Data Virtualization All supported versions

Description

If there is one Studio client to connect to multiple TDV servers, the user can follow the steps given below to configure SSL to each one of them:
1. Generate a new key for the second server

- Navigate to conf/server/security
- Backup cis_server_keystore.jks and create a new key
The command for reference:
---------------- 

keytool -genkey -keyalg RSA -alias cis_server2 -keystore cis_server_keystore.jks -storepass changeit -validity 360 -keysize 2048 # you can have different pass than "changeit"


2. Import the keystore into the truststore of the second server and Studio
Commands to be used for reference:
---------------- 
keytool -importkeystore -srckeystore conf/server/security/cis_server_keystore.jks -destkeystore conf/server/security/cis_server_truststore.jks -srcalias cis_server2

keytool -importkeystore -srckeystore conf/server/security/cis_server_keystore.jks -destkeystore conf/studio/security/cis_studio_truststore.jks -srcalias cis_server2


3. Verify that the new key entry is inserted into the truststore files
---------------- 
keytool -list -keystore conf/server/security/cis_server_truststore.jks -v | grep cis 

keytool -list -keystore conf/studio/security/cis_studio_truststore.jks -v | grep cis

If the import was successful, there should be the following highlighted rows in the output:
---------------
Alias name: cis_server
Owner: CN=cis_server, OU=engineering, O=TIBCO Software Inc, L=Palo Alto, ST=CA, C=US
Issuer: CN=cis_server, OU=engineering, O=TIBCO Software Inc, L=Palo Alto, ST=CA, C=US
Alias name: cis_server2
Owner: CN=cis_server2, OU=cis, O=cis, L=cis, ST=ca, C=us
Issuer: CN=cis_server2, OU=cis, O=cis, L=cis, ST=ca, C=us 


4. Open the server configuration file and modify the following entries in the server_values.xml file:
============
  
<common:attribute>
    <common:name>/server/communications/keystoreKeyAlias</common:name>
    <common:type>STRING</common:type>
    <common:value>cis_server2</common:value>
  </common:attribute>
  <common:attribute>
   <common:name>/server/communications/keystoreKeyAliasOnServerRestart</common:name>
    <common:type>STRING</common:type>
    <common:value>cis_server2</common:value>
  </common:attribute>


5. If the keystore password is changed, then modify the following lines too:
============
  
<common:attribute>
    <common:name>/server/communications/keystorePassword</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>NEW_PASSWORD</common:value>
  </common:attribute>
  <common:attribute>
    <common:name>/server/communications/keystorePasswordOnServerRestart</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>NEW_PASSWORD</common:value>
  </common:attribute>

Restart the TDV server and log in to Studio with the 'Encrypt' option selected.

Environment

All supported environments

Issue/Introduction

This article will summarize the steps to use one studio truststore file to connect to multiple servers with SSL in TIBCO Data Virtualization.
Powered by Wolken Software