Enabling SSL for an API client (Perl or Java)

Use bfclient.conf to configure SSL connections for an API client written in Perl or Java.

About this task

To make an SSL connection with an API client program, set up bfclient.conf. This file contains the SSL configuration properties. To simplify this procedure, the steps below assume you run your client in the client directory mentioned in the first step.

Procedure

  1. Create a client directory where you are going to run the script.

    Windows: mkdir c:\client

    UNIX or Linux: mkdir /temp/client

  2. Copy bfclient.conf to the client directory.

    Windows: copy c:\BuildForge\bfclient.conf c:\client

    UNIX or Linux: cp /opt/BuildForge/Platform/bfclient.conf /temp/client

  3. Create a keystore subdirectory in the client directory.

    Windows: mkdir c:\client\keystore

    UNIX or Linux: mkdir /temp/client/keystore

  4. Copy the keystores from the BuildForge installation into the client keystore directory.

    Windows: copy \BuildForge\keystore\*.pem \client\keystore

    UNIX or Linux: cp /opt/BuildForge/Platform/keystore/*.pem /temp/client/keystore

  5. For Perl, set the following OS environment variable so that the bfclient.conf location is found.

    Windows: set BFCLIENT_CONF=c:\client\bfclient.conf

    UNIX or Linux: export BFCLIENT_CONF="/temp/client/bfclient.conf"

  6. For Java, complete these steps:
    1. Use SecureAPIClientConnection instead of APIClientConnection in your code to make an SSL connection using bfclient.conf.
    2. Set the following System property on the Java command line when running your script.

      Windows: -Dcom.buildforge.client.config=c:\client\bfclient.conf

      UNIX or Linux: -Dcom.buildforge.client.config=/temp/client/bfclient.conf

  7. Edit bfclient.conf and check the following properties:
    • bf_services_preferred_protocol=ssl

      Make sure the value is ssl instead of tcp.

    • bf_services_ssl_port=49150

      Make sure 49150 is your Services Layer SSL port.

    • bf_keystore_location=./keystore/buildForgeKey.pem

      There are several keystore locations. If you run your script in a directory other than the client directory, change each keystore location to use a fully qualified path.

  8. If you want to be sure that your script is using bfclient.conf correctly, set the following debug property in your environment. When you run your script, you should see more output about the SSL connection properties.

    Windows: set BFDEBUG_SECURITY=1

    UNIX or Linux: export BFDEBUG_SECURITY=1


Feedback