When creating an SSL Client Provider Resource Template ("RT") from the TIBCO Activematrix Administrator GUI, the advance screen 'Verify Remote Hostname' option is disabled (grayed out) by default.
Article ID: KB0093129
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix Service Grid | - |
| TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) | - |
| TIBCO ActiveMatrix BusinessWorks Service Engine | - |
Description
Description:
When you create an SSL Client Provider RT from the TIBCO Activematrix Administrator GUI, the advance screen 'Verify Remote Hostname' option is disabled (grayed out) by default. This option will be enabled only when you select 'Enable Mutual Authentication' in the RT creation main page.
Symptoms:
In the Activematrix Administrator GUI, the 'Verify Remote Hostname' option will be disabled by default in the SSL Client Provider RT creation screen.
Cause:
This is a known issue and defect TAP-14055 was reported.
When you create an SSL Client Provider RT from the TIBCO Activematrix Administrator GUI, the advance screen 'Verify Remote Hostname' option is disabled (grayed out) by default. This option will be enabled only when you select 'Enable Mutual Authentication' in the RT creation main page.
Symptoms:
In the Activematrix Administrator GUI, the 'Verify Remote Hostname' option will be disabled by default in the SSL Client Provider RT creation screen.
Cause:
This is a known issue and defect TAP-14055 was reported.
Issue/Introduction
When creating an SSL Client Provider Resource Template ("RT") from the TIBCO Activematrix
Administrator GUI, the advance screen 'Verify Remote Hostname'
option is disabled (grayed out) by default.
Resolution
This is a known issue and until it is fixed, the command line interface(CLI) can be used as a workaround. Subscribe to Late Breaking News ("LBN") for any of the applicable products to get informed when the defect is fixed in future.
Use CLI to create an SSL client provider RT. This way it would be possible to enable 'Verify Remote Hostname' and 'Expected remote Hostname' without enabling mutual authentication. A sample data.xml file is provided below(Sample build and data files are provided in CONFIG_HOME/admin/enterpriseName/samples where CONFIG_HOME is the folder which stores configuration data, logs, etc.)
=====
<ResourceTemplate
xsi:type="amxdata:SslClientResourceTemplate"
name="SslClientRT_nic"
description="This is SSL client RT">
<GeneralConfiguration xsi:type="amxdata:SslClientResourceTemplate_General"
trustStoreServiceProvider="trustIspRI"
enableAccessToTrustStore="true">
</GeneralConfiguration>
<AdvancedConfiguration xsi:type="amxdata:Ssl_Advanced"
securityProviderForSSL="SunJSSE"
securityProtocolToUseForSSL="TLSv1"
sslCipherStrength="AtLeast128Bit"
sslExplicitCiphers="">
<VerifyHost xsi:type="amxdata:VerifyHost"
RemoteHostIdentity_or_NameForVerification="myName"/>
</AdvancedConfiguration>
</ResourceTemplate>
================
After creating RT from the CLI, go to the Activematrix Administrator GUI and verify that 'Remote Hostname' is enabled for the RT.
Feedback
Yes
No
Powered by
