How to configure SSL with one studio truststore file to multiple servers in TIBCO Data Virtualization?


Article ID: KB0073126


Products: TIBCO Data Virtualization
Versions: All supported versions

Description

If a single Studio client connects to multiple TDV servers, follow the steps below to configure SSL for each of them:
1. Generate a new key for the second server

- Navigate to conf/server/security
- Back up cis_server_keystore.jks and create a new key
The command for reference:
----------------
keytool -genkey -keyalg RSA -alias cis_server2 -keystore cis_server_keystore.jks -storepass changeit -validity 360 -keysize 2048 # you can use a password other than "changeit" (see step 5)


2. Import the keystore into the truststore of the second server and Studio
Commands to be used for reference:
----------------
keytool -importkeystore -srckeystore conf/server/security/cis_server_keystore.jks -destkeystore conf/server/security/cis_server_truststore.jks -srcalias cis_server2

keytool -importkeystore -srckeystore conf/server/security/cis_server_keystore.jks -destkeystore conf/studio/security/cis_studio_truststore.jks -srcalias cis_server2


3. Verify that the new key entry is inserted into the truststore files
----------------
keytool -list -keystore conf/server/security/cis_server_truststore.jks -v | grep cis 

keytool -list -keystore conf/studio/security/cis_studio_truststore.jks -v | grep cis

If the import was successful, the output should contain the following rows:
---------------
Alias name: cis_server
Owner: CN=cis_server, OU=engineering, O=TIBCO Software Inc, L=Palo Alto, ST=CA, C=US
Issuer: CN=cis_server, OU=engineering, O=TIBCO Software Inc, L=Palo Alto, ST=CA, C=US
Alias name: cis_server2
Owner: CN=cis_server2, OU=cis, O=cis, L=cis, ST=ca, C=us
Issuer: CN=cis_server2, OU=cis, O=cis, L=cis, ST=ca, C=us 



4. Open the server configuration file server_values.xml and modify the following entries:
============
 
  <common:attribute>
    <common:name>/server/communications/keystoreKeyAlias</common:name>
    <common:type>STRING</common:type>
    <common:value>cis_server2</common:value>
  </common:attribute>
  <common:attribute>
    <common:name>/server/communications/keystoreKeyAliasOnServerRestart</common:name>
    <common:type>STRING</common:type>
    <common:value>cis_server2</common:value>
  </common:attribute>


5. If the keystore password is changed, then modify the following lines too:
============
 
  <common:attribute>
    <common:name>/server/communications/keystorePassword</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>NEW_PASSWORD</common:value>
  </common:attribute>
  <common:attribute>
    <common:name>/server/communications/keystorePasswordOnServerRestart</common:name>
    <common:type>PASSWORD_STRING</common:type>
    <common:value>NEW_PASSWORD</common:value>
  </common:attribute>

Restart the TDV server and log in to Studio with the 'Encrypt' option selected.
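
An added check for step 3, not part of the original TIBCO article: keytool -importkeystore copies whole keystore entries, so the step 2 commands carry the private key generated for cis_server2 into both truststores along with its certificate. The script below reads keytool -list -v output and reports whether an alias is present as a certificate-only entry; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify truststore entries from `keytool -list -v` output.

# Print "<alias> <entry type>" for every entry in the listing on stdin.
list_entry_types() {
    awk -F': ' '
        { sub(/[ \t\r]+$/, "") }          # drop trailing blanks / CR
        /^Alias name: / { alias = $2 }
        /^Entry type: / { print alias, $2 }
    '
}

# Return 0 only if alias $1 is present as a trustedCertEntry and the
# listing holds no PrivateKeyEntry; 1 = private key found, 2 = alias missing.
check_truststore() {
    want=$1
    entries=$(list_entry_types)
    if printf '%s\n' "$entries" | grep -q ' PrivateKeyEntry$'; then
        echo "private key stored in truststore:" >&2
        printf '%s\n' "$entries" | grep ' PrivateKeyEntry$' >&2
        return 1
    fi
    printf '%s\n' "$entries" | grep -qx "$want trustedCertEntry" || {
        echo "alias $want not found as a trusted certificate" >&2
        return 2
    }
}

# Constructed sample listings (abridged, not real output from a TDV install).
sample_cert_only() {
    cat <<'EOF'
Alias name: cis_server
Entry type: trustedCertEntry
Owner: CN=cis_server, OU=engineering, O=TIBCO Software Inc, L=Palo Alto, ST=CA, C=US
Alias name: cis_server2
Entry type: trustedCertEntry
Owner: CN=cis_server2, OU=cis, O=cis, L=cis, ST=ca, C=us
EOF
}
sample_with_key() {
    # Same listing, with cis_server2 held as a key pair instead of a certificate.
    sample_cert_only | sed '5s/trustedCertEntry/PrivateKeyEntry/'
}

# Real use, with the path from the article (run from the TDV install directory):
#   keytool -list -v -keystore conf/studio/security/cis_studio_truststore.jks \
#       | check_truststore cis_server2
```

A certificate-only entry can be produced with keytool -exportcert on the server keystore followed by keytool -importcert into each truststore.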

Issue/Introduction

This article summarizes the steps for using one Studio truststore file to connect to multiple servers over SSL in TIBCO Data Virtualization.

Environment

All supported environments