Creating Certificate and Identity file for SSL Connection Step 1: Creating Certificate and Public key.

We will learn to create our own Certificates and Identity file with keytool which we can use in our SSL Tibco projects. With the help of which we can generate .jks file ,public key and private key for SSL connection. To create the certificate you can use tool called 'keytool' which is shipped with jdk/jre. It is a command line utility. Command For Generating JKS File Below is the command to create a .jks file which will have both public key and private key.

keytool -genkey -alias server-alias -keyalg RSA -keypass yourpassword -storepass yourpassword -keystore keystore.jks
Short summary: -alias is used to give a name to your key. should be unique for its purpose. -keyalg is encryption algorithm type. -keypass password affiliated to key -storepass is affiliated to keystore.jks keystore.jks is name of the file which acts as repository keys. After typing in this command, you will be asked details for the JKS file, give specifications accordingly.

At the end your key called server-alias will be stored in repo keystore.jks. This entry in keystore.jks will have public as well as private key. You now need to publish the public key to the world. use following command to extract public key from entry which you have created earlier.

keytool -export -alias server-alias -storepass yourpassword -file server.cer -keystore keystore.jks

The public key aka certificate will be stored in file named server.cer. This file should be used by the person who wants to connect to your server.

1.2 Creating Identity file.

1.2.1 Identity You have your public/private key pair with you. Create an Identity in your BW project. Choose type Identity file. Provide URL as path to your_keystore.jks. Give the file type 'JKS' and password. Save the identity. 1.2.2 HTTP Connection. Create an HTTP Connection and use SSL. Configure SSL with the identity and certificate folder you have created in 1.2.1. This step does not include instructions to enable client authentication. This is enough for server side.

Step 2: Importing the certificate to be used at client side.

2.1 Import the key
Get the server.cer from the server authority which is publicly available. Import the public key into you trust store (Certificate folder in the Tibco Designer). Certificate in PEM format In the BW project import the public certificate by Tools>Trusted Certificates>Import into PEM format. It is always advisable to keep the certificates in a separate folder to skip unnecessary processing.

2.2 Install in tibco BW

We can use the same Identity file that we have used in the HTTP Connection at the Soap Request Reply SSL Configuration.