TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Authentication and User Directory<br />
For the servers to accept the client ceritificates, it must be told to trust the certificate of<br />
the certificate authority that issued them. In order for this to happen, you must export<br />
the certificate authority certificate (CA certificate) to file and import it to a truststore<br />
that the <strong>Spotfire</strong> <strong>Server</strong>s can read. Once you have the CA certificate in a file on the<br />
<strong>Spotfire</strong> <strong>Server</strong>s, issue the following command to create a truststore and import the CA<br />
certificate to it:<br />
/jdk/bin/keytool.exe -importcert -v -file -keystore<br />
castore.jks.<br />
clientAuth=”true”<br />
The truststore file castore.jks can be placed anywhere. You must add the path to it, its<br />
password and its type to the file server.xml. See the next step for instructions on how<br />
to do this.<br />
Configure a <strong>Server</strong> to Require Client Certificates<br />
To configure a server to require client certificates you must edit the file server.xml,<br />
located in the directory server installation dir>/conf.<br />
In the Connector definition that you created when you configured the server to use<br />
HTTPS, add the following:<br />
You must also add the path to the truststore, its password, and type to server.xml. Also<br />
within the Connector definition, add the following:<br />
truststoreFile=<br />
truststorePass=password<br />
truststoreType=”JKS”<br />
Configure a Load Balancer<br />
To configure a load balancer to redirect client certificates, see the section “X.509<br />
Client Certificate Authentication” on page 62<br />
Configure the <strong>Server</strong>s to Use Client Certificates to Authenticate Users<br />
To configure the servers in the cluster to use client certificates to authenticate users,<br />
open the configuration console, select the tab called Authentication and select X.509<br />
Client Certificate as the Login Method.<br />
74 (144) <strong>TIBCO</strong> <strong>Spotfire</strong>® <strong>Server</strong> <strong>3.2.2</strong>