Integrating SSL enabled Enterprise Messaging Service(EMS) with TIBCO Enterprise Administrator(TEA)
Article ID: KB0083911
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Administrator (TEA) | - |
Description
The TEA agent for TIBCO Enterprise Message Service allows you to register SSL enabled TIBCO Enterprise Message Service servers.
Issue/Introduction
Integrating SSL enabled Enterprise Messaging Service with TIBCO Enterprise Administrator.
Environment
Product: TIBCO Enterprise Administrator
Version: All
OS: All
Resolution
Prerequisites.
1). Make sure the TIBCO Enterprise Message Service is configured to use SSL protocol and is running.
2). Start the TIBCO Enterprise Administrator (TEA) server.
3). Start the TEA EMS-agent and register with TEA server. Detailed steps are documented - https://docs.tibco.com/pub/tea/2.2.0/doc/html/GUID-3FDF3D61-EFCF-4692-8675-00507D2B9370.html
Procedure.
1). Login to TEA UI and click on the TIBCO Enterprise Message Service product card.
2). In the server managemnet page click Register Server.
3). Enter the information:
Server Name: a unique name to each TIBCO Enterprise Message Service instance.
URL: TIBCO Enterprise Message Service servers url using SSL protocol
Username/Password: Credentials to connect with TIBCO Enterprise Message Service servers URL
Add to groups: TIBCO Enterprise Message Service servers can be assigned to logical groups. One can assign the server to an existing group or create a new group and assign it to the new group.
4). SSL Settings information.
Client Identity : Upload the client's digital certificate. PKCS#12, Java keystore, Entrust store are the supported formats. Client identity is a mandatory filed even thought EMS option "SSL_require_client_cert" is "disabled" (we have an existing JIRA TAEM-164 for this issue).
Trusted Certificate : Upload the root certificate of the CA that issued the server certificate. Supported format is PEM.
Expected Server's Hostname: The hostname that appears in the CN field of the server's certificate. If the CN field was not set in the certificate, enter the hostname of the server. This value will be used if the "Verify Server's Hostname" check box is selected.
Private Key Password: Enter the password for the client's private key.
Cipher Suites: Enter a colon separated list of the names of the cipher suites that the client is allowed to use
Verify Server's Hostname: Select this field to verify the hostname of the server with the value for the CN field in the server's certificate.
Verify Server Certificate: Select this field to verify the server's certificate or identity.
1). Make sure the TIBCO Enterprise Message Service is configured to use SSL protocol and is running.
2). Start the TIBCO Enterprise Administrator (TEA) server.
3). Start the TEA EMS-agent and register with TEA server. Detailed steps are documented - https://docs.tibco.com/pub/tea/2.2.0/doc/html/GUID-3FDF3D61-EFCF-4692-8675-00507D2B9370.html
Procedure.
1). Login to TEA UI and click on the TIBCO Enterprise Message Service product card.
2). In the server managemnet page click Register Server.
3). Enter the information:
Server Name: a unique name to each TIBCO Enterprise Message Service instance.
URL: TIBCO Enterprise Message Service servers url using SSL protocol
Username/Password: Credentials to connect with TIBCO Enterprise Message Service servers URL
Add to groups: TIBCO Enterprise Message Service servers can be assigned to logical groups. One can assign the server to an existing group or create a new group and assign it to the new group.
4). SSL Settings information.
Client Identity : Upload the client's digital certificate. PKCS#12, Java keystore, Entrust store are the supported formats. Client identity is a mandatory filed even thought EMS option "SSL_require_client_cert" is "disabled" (we have an existing JIRA TAEM-164 for this issue).
Trusted Certificate : Upload the root certificate of the CA that issued the server certificate. Supported format is PEM.
Expected Server's Hostname: The hostname that appears in the CN field of the server's certificate. If the CN field was not set in the certificate, enter the hostname of the server. This value will be used if the "Verify Server's Hostname" check box is selected.
Private Key Password: Enter the password for the client's private key.
Cipher Suites: Enter a colon separated list of the names of the cipher suites that the client is allowed to use
Verify Server's Hostname: Select this field to verify the hostname of the server with the value for the CN field in the server's certificate.
Verify Server Certificate: Select this field to verify the server's certificate or identity.
Additional Information
https://docs.tibco.com/pub/tea/2.2.0/doc/html/GUID-AD39E76E-8EAF-40D1-A43D-835F0D2E4B43.html
Feedback
Yes
No
Powered by
