How to expose an API or a Service in HTTPS in BusinessWorks and BusinessWorks Container Edition

This article goal is to explain how to set-up an HTTPS configuration with one way SSL when BusinessWorks is acting as a server exposing a REST API or a SOAP Service.

Overall architecture

The following diagram is showing the server and client components and their relative keystore and truststore files with their contents.

Diagram showing an HTTPS configuration using one way SSL

Pre-requisites

To set-up a server HTTPS configuration with one way SSL you need the following elements:

. A private key stored in a Keystore file

. The Keystore file password

. The private key alias

. The private key password

Example of a Keystore file containing a private key seen in the Key Explorer tool :

Example of a KeyStore file content

On the screen shot above you can see the private key alias that is ‘myservice’.

The private key includes the related public keys.

Details on the Private Key showing the related Public certificates (two certificates in this example)

Set-up of the BusinessWorks configuration

Assuming that the configuration to expose the REST API or the Service in plain HTTP is already set-up the following actions need to be completed to change the configuration to HTTPS:

#1 in the HTTP Connector resource check the Confidentiality option

Enable Confidentiality

#2 Click on the button to select or create an SSL Server Configuration

Create or select an SSL Server configuration

#3 Click on Create shared resource (or select an existing resource)

Create an SSL Server configuration

#4 Enter a name for the new SSL Server resource and click Finish (if creating a new resource)

If you create a new resource you can select to use the suggested name or enter a new one.

Enter the SSL Server resource name

#5 In the SSL Server Resource click the button to select or create an Identity Store Provider

Create or select an Identity Store Provider configuration

#6 Click on Create Shared Resource (or select an existing resource)

Create an Identity Store configuration

If you create a new resource you can select to use the suggested name or enter a new one.

#7 Configure the Key Store provider

Select the Provider (SUN is the default value when nothing is selected), enter the path to the KeyStore and the KeyStore password (these values should be managed using properties). You may also need to adjust the Keystore type.

Note that by default BusinessWorks is trying to refresh KeyStore files every hour, this allows a KeyStore to be updated without downtime (which is useful to manage Certificates expiry).

KeyStore Provider configuration

# 8 Complete the configuration of the SSL Server resource

Enter the Key Alias name and Key password (these values should be managed using properties). Leave the ‘Enable Mutual Authentication’ option unselected.

SSL Server configuration

Note : depending on the security requirements you have to manage you may need to adjust the values of some of the parameters present in the ‘Advanced SSL Server Configuration’ section.

#9 Save your project and check the configuration

The HTTP connector resource should look like this:

HTTP connector resource configured for HTTPS

The SSL Server resource Configuration should look like this:

SSL Server resource configured for HTTPS with one way SSL

The KeyStore provider resource configuration should look like this:

Keystore Provider resource configured

Access to the REST API or Service from a BusinessWorks client application

To access from BusinessWorks a REST API or a Service exposed over HTTPS you need to use an HTTP Client Shared Resource configured to use the Public Certificates corresponding to the server private key.

This is explained in this article : https://emarchiset.medium.com/how-to-configure-an-http-client-connection-to-access-a-rest-api-or-web-services-exposed-over-https-6b97dcfe1fb4

Useful information

To write this article I used a set of sample Keystore files available at the following URL (download the x.509-sample-keys-and-certificates.zip file):
https://www.swview.org/blog/sample-x509-certificate-collection-publicprivate-keys-java

Article explaining how to debug SSL / TLS configuration in BusinessWorks :
https://emarchiset.medium.com/how-to-debug-ssl-tls-connections-in-businessworks-6-x-and-businessworks-container-edition-5659c7addab0

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Emmanuel Marchiset

I work as an Architect at TIBCO on Integration products. Opinions here are my own.