Configuring SSL for Facade HTTP Channel in TIBCO API Exchange Gateway(APIX-G).
Article ID: KB0089423
Updated On:
| Products | Versions |
|---|---|
| TIBCO API Exchange | - |
| Not Applicable | - |
Description
Description:
This article provides details for configuring SSL for Facade HTTP Channel. This is done by configuring the properties for the Facade HTTPS Channel in asg.properties .
This article provides details for configuring SSL for Facade HTTP Channel. This is done by configuring the properties for the Facade HTTPS Channel in asg.properties .
Issue/Introduction
Configuring SSL for Facade HTTP Channel in TIBCO API Exchange Gateway(APIX-G).
Resolution
Configure the Facade HTTPS channel properties under the comment "#Facade HTTPS Channel" in the asg.properties file.
##When IdentityFileTye=url and IdentitifyType=JKS
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=url
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityType=JKS
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityURL=C:/only_john_key.jks
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFilePassword=password
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-----------------------------------------------
##When IdentityFileTye=url and IdentitifyType=PKCS12
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=url
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityType=PKCS12
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityURL=C:/john_key.p12
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFilePassword=password
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-------------------------------------------
##When IdentityFileTye=certPlusKeyURL
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=certPlusKeyURL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/CertificateURL=C:/VVK/certs/2way/john.cer
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/KeyURL=C:/VVk/certs/john_private_key.openssl
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-----------------------------------------------
#For 2-way SSL(with mutual authentication), replace the last property with below properties
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/TruststorePassword=
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/TrustedCertificateFolder=C:/HTTPS/TrustStore
Note:
1). TrustedCertificateFolder accepts only a folder which has PEM-encoded files and the entire chain should be present.
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=url
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityType=JKS
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityURL=C:/only_john_key.jks
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFilePassword=password
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-----------------------------------------------
##When IdentityFileTye=url and IdentitifyType=PKCS12
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=url
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityType=PKCS12
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityURL=C:/john_key.p12
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFilePassword=password
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-------------------------------------------
##When IdentityFileTye=certPlusKeyURL
#Facade HTTPS Channel
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Host=<asg-engine_host>
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Port=9233
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/useSSL=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/Identity=/DefaultImplementation/SharedResources/HTTP/HTTPIdentityResource.id
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/IdentityFileType=certPlusKeyURL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/CertificateURL=C:/VVK/certs/2way/john.cer
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/KeyURL=C:/VVk/certs/john_private_key.openssl
#No ClientAuthentication or 1-way SSL
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=false
-----------------------------------------------
#For 2-way SSL(with mutual authentication), replace the last property with below properties
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/RequiresClientAuthentication=true
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/TruststorePassword=
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/TrustedCertificateFolder=C:/HTTPS/TrustStore
Note:
1). TrustedCertificateFolder accepts only a folder which has PEM-encoded files and the entire chain should be present.
2). When using a Certificate and Key, downlowd the Tomcat native library and place it in the <JRE_HOME>/bin folder.
Additional Information
See the chapter below in the latest documentation:
Feedback
Yes
No
Powered by
