Configuring TLS
The plug-in supports using Transport Layer Security (TLS) to secure the data exchange between the plug-in and an LDAP server.
TIBCO ActiveMatrix BusinessWorks provides a Keystore Provider resource for accessing a keystore. A keystore is a mechanism designed to create and manage private key/digital certificate pairs and trusted certificates signed by a Certificate Authority (CA).
A Keystore Provider resource can be used either as a trust store or as an identity store, depending on the certificates that the keystore stores:
- A trust store contains the CA signed certificate.
  The plug-in uses the provided trust store to verify the identity of the LDAP server.
- An identity store contains the private key/digital certificate pairs.
  The plug-in presents a certificate from the provided identity store so that the LDAP server can verify the identity of the client.
In a design-time connection, the plug-in accesses a trust store to authenticate the connected LDAP server, or accesses an identity store to pass the client information to the connected LDAP server.
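Before pointing a Keystore Provider resource at a file, it helps to confirm which of the two roles the file can actually fill. The following is an added example, not TIBCO code: it uses the standard `java.security.KeyStore` API, and the class name `KeystoreRoleCheck`, the default path (the JRE's bundled `cacerts`) and the default password `changeit` are assumptions for illustration.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class KeystoreRoleCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's bundled CA store and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // Java 9+: detects the keystore type (JKS, PKCS12) from the file itself.
        KeyStore ks = KeyStore.getInstance(new File(path), password);

        int keyEntries = 0, trustedCerts = 0, outsideValidity = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries hold a key (normally a private key plus its chain);
            // certificate entries hold a certificate the store owner trusts.
            if (ks.isKeyEntry(alias)) keyEntries++;
            else if (ks.isCertificateEntry(alias)) trustedCerts++;

            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                if (now.before(x509.getNotBefore()) || now.after(x509.getNotAfter())) {
                    outsideValidity++;
                    System.out.println("Outside validity period: " + alias);
                }
            }
        }

        System.out.printf("%s: %d key entries, %d trusted certificates, %d outside validity%n",
                path, keyEntries, trustedCerts, outsideValidity);
        System.out.println("Has trusted certificate entries (trust store role): " + (trustedCerts > 0));
        System.out.println("Has key entries (identity store role):              " + (keyEntries > 0));
        if (keyEntries > 0 && trustedCerts > 0) {
            System.out.println("Note: private keys and trusted certificates share one file; "
                    + "a trust store that is copied between hosts should not carry private keys.");
        }
    }
}
```

Run it with the keystore path and password as arguments; a file intended as an identity store that reports zero key entries cannot supply a client certificate to the LDAP server.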
Complete the following tasks to use TLS to secure the data exchange: