How to setup TIBCO Spotfire Advanced Data Services (ADS) to use an existing or a self-signed certificate.

How to setup TIBCO Spotfire Advanced Data Services (ADS) to use an existing or a self-signed certificate.

book

Article ID: KB0083103

calendar_today

Updated On:

Products Versions
TIBCO Spotfire Advanced Data Services 6.2.x,7.0.x

Description

In TIBCO Spotfire Advanced Data Services, HTTPS is enabled by default and it uses a Java keystore file with a 1024-bit RSA key and a certificate signed by Cisco. This KB article will show the steps needed to use a self-signed certificate or an already existing certificate.

Issue/Introduction

How to setup TIBCO Spotfire Advanced Data Services (ADS) to use an existing or a self-signed certificate.

Resolution

If you already have a certificate you would like to use, then you can skip step 1 and 2 and import the certificate using step 3 and 4.

  • This article assumes you have installed TIBCO Spotfire Advanced Data Services(ADS) into the default installation path "C:\Program Files\Composite Software\CIS x.x.x\" .
  • Replace SERVERNAME with the FQDN (Fully Qualified domain name) of the server.
  • Replace PASSWORD with what ever password you would like to use. -keypass and -storepass must be the same.
  • The -alias needs to be cis_server_strong otherwise you will need to make changes to the configuration via the Studio.
  • The default password for the existing certificate stores are changeit.

1). Create your own self signed certificate using keytool.

keytool -genkeypair -alias cis_server_strong -keyalg RSA -keysize 2048 -dname "CN=SERVERNAME" -keypass PASSWORD -storepass PASSWORD -keystore "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\custom_cert.jks"

2). Export certificate to a format that can be imported into Windows.

keytool -export -alias cis_server_strong -storepass PASSWORD -file "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\server.cer" -keystore "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\custom_cert.jks"

3). Import the certificate into Studio trust store. This is needed in order to be able to use https with Studio.

keytool -import -v -trustcacerts -alias cis_server_strong -file "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\server.cer" -keystore "C:\Program Files\Composite Software\CIS 6.2.0\conf\studio\security\cis_studio_truststore_strong.jks" -storepass changeit

4). Import the certificate into Server trust store. This is needed for the Web admin interface to work.

keytool -import -v -trustcacerts -alias cis_server_strong -file "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\server.cer" -keystore "C:\Program Files\Composite Software\CIS 6.2.0\conf\server\security\cis_server_truststore_strong.jks" -storepass changeit
Powered by Wolken Software