Copyright © TIBCO Software Inc. All Rights Reserved

Setting Up SSL Support for the Developer Portal

You can set up the API Exchange portal engine and the Developer Portal to communicate using a Secure Sockets Layer (SSL) connection over HTTPS.

Configuring the portal engine and the Developer Portal for SSL includes the following tasks:

•	Task A, Make Sure the Portal Engine and the Gateway Engine are Running Over SSL.

•	Task B, Set up Apache to Run on SSL.

•	Task C, Specify Settings for SSL in the Apache httpd.conf File.

•	Task D, Configure SSL in the Joomla Administrator.

•	Task E, Edit the asg_portal.properties File to Specify SSL Settings.

•	Task F, Import the Joomla Security Certificates into the cacerts Keystore.

•	Task G, In the Developer Portal, Specify SSL for Environment and Gateway Configuration.

Task A Make Sure the Portal Engine and the Gateway Engine are Running Over SSL

Ensure that the gateway engine and the portal engine are configured to run over SSL:

1.	Enable HTTPS on the API Exchange Gateway.

For information on enabling HTTPS on the API Exchange Gateway, see “Enable Facade HTTPs Transport” in Chapter 4 of the TIBCO API Exchange Gateway User’s Guide.

2.	Edit the asg-portal.properties file on the host where the API Exchange Manager component is running to ensure that the Developer Portal runs over SSL.

For information on this task, see Task E, Edit the asg_portal.properties File to Specify SSL Settings.

Task B Set up Apache to Run on SSL

To set up the Apache Web Server to run on SSL, follow these steps:

1.	Review the Apache documentation for information on setting up Apache for SSL. You can find basic documentation on setting up Apache for SSL at the following URL:

http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

2.	Locate the <APACHE_HOME>/conf/extra/httpd-ssl.conf file.

3.	Edit the httpd-ssl.conf file and ensure that it contains the following lines:

SSLEngine on

SSLProxyEngine on

SSLProxyVerify none

SSLProxyCheckPeerCN off

SSLProxyCheckPeerName off

Task C Specify Settings for SSL in the Apache httpd.conf File

Edit the httpd.conf file and make sure the following settings are specified:

1.	Uncomment the line that reads:

#LoadModule ssl_module modules/mod_ssl.so

2.	Uncomment the lines that point to the httpd-ssl.conf file:

# Secure (SSL/TLS) connections

#Include conf/extra/httpd-ssl.conf

3.	Edit any lines that specify ProxyPass settings and ensure that they specify HTTPS URLs and the port number for SSL (9133).

For example:

ProxyPass /apiKey https://developer.company.com :9133/apiKey

ProxyPassReverse /apiKey https://developer.company.com: 9133/apiKey

Task D Configure SSL in the Joomla Administrator

Follow these steps to configure SSL for Joomla:

 

Make sure that the API Exchange Gateway component is configured to run on SSL. See “Enable Facade HTTPs Transport” in Chapter 4 of the TIBCO API Exchange Gateway User’s Guide.

1.	Log into the Joomla Administrator user interface.

2.	Select System > Global Configuration.

3.	Click the Server tab.

4.	From the pull-down menu for Force SSL, select Entire Site.

5.	Click Save.

Task E Edit the asg_portal.properties File to Specify SSL Settings

To configure the portal engine for SSL, follow these steps:

1.	Go to the <directory path for asg_portal.properties file> directory.

2.	Edit the asg_portal.properties file.

3.	Locate the section that is labelled #Facade HTTPS Channel.

4.	Specify the HTTPS configuration settings as required.

For detailed information, see the section on “Connection Parameters for HTTPs Channel (Facade)” in Table 15, “Core Engine Properties” in Chapter 3 of the TIBCO API Exchange Gateway User’s Guide, “Core Engine Configuration.”

5.	Edit the lines that specify the Swagger specification document location and the portal server URL prefix, and make sure that they specify an HTTPS URL, as follows:

# Portal Engine Swagger specification document location URL prefix

https:/asg.portal.engine.swagger.spec.url.prefix = https://<portal_engine_hostname>/joomla/uploads/swaggerSpecs/

# Portal Server URL prefix

asg.portal.url.prefix = https://<portal_engine_hostname>/joomla

6.	Uncomment the following line and ensure that it specifies the hostname of the server running the portal engine, as follows:

asg.portal.server.hostname=<portal-engine-server-hostname>

7.	If you will use Spotfire to output analytic data for API Exchange APIs, add the following lines:

#SSL Properties for Spotfire

asg.portal.spotfire.ssl.property.file.path=
<path_to_spotfire_ssl_properties_file>

8.	Save the asg_portal.properties file.

Task F Import the Joomla Security Certificates into the cacerts Keystore

Import the certificates used by Joomla into the TIBCO cacerts keystore. this ensures that the portal engine trust the certificate presented by Joomla.

 

Follow these steps to import the certificates:

1.	Import the certificates used by Joomla into the <TIBCO_HOME>/tibcojre64/1.7.0/lib/security/cacerts keystore so that the portal engine trusts the certificate presented by Joomla

keytool -import -keystore %jre_home%\lib\security\cacerts -alias <alias_name> -file <your_cert_file>

where alias_name is the name of the SSL alias and your_cert_file is the filename of your certificate file.

Task G In the Developer Portal, Specify SSL for Environment and Gateway Configuration

When you are configuring the Developer Portal, specify SSL for any environments or gateways that you create:

1.	When you create a new environment using the Create New Environment page:

a.	Make sure that you check the SSL check box under the Basepath field.

b.	If you choose Yes for the Managed by Gateway setting, then select Yes for the SSL Enabled selection, and specify an HTTPS URL for the Management URL.

2.	After you save the environment, then when you create a gateway for the environment on the Create New Gateway page, check the SSL check box under the Management URL field.

Copyright © TIBCO Software Inc. All Rights Reserved