Switching from Non-Encrypted to Encrypted Inter-Realm Communication
This scenario assumes that you already have a cluster in which the inter-realm communication is not encrypted (the interface protocol is NHP or NSP), and that you want to change it to encrypted communication using the interface protocol NHPS or NSPS.
Here are the steps to follow to switch from non-encrypted to encrypted inter-realm communication in a Universal Messaging cluster:
1. Close the cluster and stop any running realms.
2. In the file Server_Common.conf on each realm, provide details of the truststore and keystore, as described in Setting Up Encrypted Inter-Realm Communication.
3. Restart all realms.
4. On each realm, create two NSPS interfaces, as described in the previous section.
5. Under the Certificates tab for each of the NSPS interfaces, add a reference to the custom truststore and the keystores containing the server signed certificates, for example:
Key store path : /webmethods/keystores/um_keystore.jks
Trust store path : /webmethods/truststores/um_truststore.jks
6. Close Enterprise Manager.
7. Set the environment variables CAKEYSTORE and CAKEYSTOREPASSWD for each realm to reference the truststore containing the CA root chain, and the truststore's password. You can set up these variables as follows:
a. Open the file Admin_Tools_Common.conf that is located in UniversalMessaging/java/<instanceName>/bin, where <instanceName> is the name of the realm server.
b. Locate the lines
set.default.CAKEYSTORE=
set.default.CAKEYSTOREPASSWD=
c. Set these variables to the required values, for example:
set.default.CAKEYSTORE=/webmethods/keystores/um_keystore.jks
set.default.CAKEYSTOREPASSWD=nirvana
d. If you choose not to enable client certificate validation, you must comment out the unused SSL keystore properties in the nenterprisemgr.conf file using a hash (#).
Note that if these variables have already been assigned a value elsewhere in the session, for example in a startup script, the values defined here in Admin_Tools_Common.conf will be ignored.
8. Restart Enterprise Manager.
After you restart Enterprise Manager with values set for CAKEYSTORE and CAKEYSTOREPASSWD, it can connect over a secured interface.
9. Disable the inter-realm connection option on each realm's non-encrypted interfaces.
10. Form the cluster.
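A pre-flight check for step 7, added here as an example and not taken from the product or its documentation: it parses the set.default lines of Admin_Tools_Common.conf and reports when a value already set in the session would take precedence over the file, as the note in step 7 describes. The function names, the sample file contents and the treatment of lines starting with # as comments are assumptions made for this example.

```python
import os
import re

REQUIRED = ("CAKEYSTORE", "CAKEYSTOREPASSWD")  # variables named in step 7
# Uncommented lines of the form set.default.NAME=value
LINE_RE = re.compile(r"^\s*set\.default\.(\w+)\s*=(.*)$")

def parse_defaults(conf_text):
    """Return {NAME: value} for each uncommented set.default.NAME=value line."""
    defaults = {}
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            defaults[m.group(1)] = m.group(2).strip()
    return defaults

def check_truststore_settings(conf_text, environ=None, path_exists=os.path.isfile):
    """Return (sources, findings): where each variable's effective value
    comes from, and any problems. The password itself is never returned."""
    environ = os.environ if environ is None else environ
    defaults = parse_defaults(conf_text)
    sources, findings, effective = {}, [], {}
    for key in REQUIRED:
        conf_val = defaults.get(key, "")
        if key in environ:
            # A value already set in the session wins; the file's value is ignored.
            effective[key], sources[key] = environ[key], "session"
            if conf_val and conf_val != environ[key]:
                findings.append(f"{key}: session value overrides Admin_Tools_Common.conf")
        else:
            effective[key], sources[key] = conf_val, "conf"
        if not effective[key]:
            sources[key] = "unset"
            findings.append(f"{key}: no value set")
    store = effective["CAKEYSTORE"]
    if store and not path_exists(store):
        findings.append(f"CAKEYSTORE: file not found: {store}")
    return sources, findings

# Constructed sample using the example values from step 7c.
SAMPLE_CONF = """\
# constructed excerpt of Admin_Tools_Common.conf
set.default.CAKEYSTORE=/webmethods/keystores/um_keystore.jks
set.default.CAKEYSTOREPASSWD=nirvana
"""

if __name__ == "__main__":
    sources, findings = check_truststore_settings(SAMPLE_CONF)
    print(sources)
    for f in findings:
        print("WARN", f)
```

Run it on each realm before restarting Enterprise Manager in step 8, passing the contents of that realm's Admin_Tools_Common.conf.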