Configuring CentraSite Client to Use One-way SSL
To configure CentraSite for one-way SSL authentication
1. Create at least one truststore, centrasitetruststore.jks, in JKS format, in the desired location on the machine where CentraSite is running.
2. Import the Mediator's self-signed certificate, mediator.cer, into the truststore created above or into the Java cacerts.
When prompted for password, the default for truststores is password.
C:\deploykeystores\new>keytool -export -alias mediator -keystore mediatorkeystore.jks -rfc -file mediator.cer
Enter keystore password:
Certificate stored in file <mediator.cer>
C:\deploykeystores\new>keytool -import -alias mediator -keystore centrasitetruststore.jks -file mediator.cer
Enter keystore password:
Re-enter new password:
Owner:
Issuer:
Serial number:
Valid from:
Certificate fingerprints:
Trust this certificate? [no]: yes
Certificate was added to keystore
C:\deploykeystores\new>
If you opt to import the certificate into the Java cacerts, the Java runtime needs to trust the Mediator's certificate in order to establish the SSL connections. To do that, add the certificate to the trusted certificates of Java using the keytool utility that comes with Java. The following command adds the certificate stored at a given location (for example, c:\temp\server.crt) to the trusted certificates of the Java used by CentraSite:
keytool.exe -import -v -trustcacerts -alias test -file "C:\temp\server.crt" -keystore "<JDKInstallDir>\jre\lib\security\cacerts"
When prompted for password, the default for Java is changeit.
3. Add the following Java system properties to the custom_wrapper.conf file in the <SuiteInstallDir>/profiles/CTP/configuration folder. For information about setting Java system properties, see the webMethods cross-product document, Software AG Infrastructure Administrator's Guide.
wrapper.java.additional.<n>=-Djavax.net.ssl.trustStore=<location_of_truststore>
wrapper.java.additional.<n>=-Djavax.net.ssl.trustStorePassword=<password_for_truststore>
In the settings above:
<n> is a unique sequence number that you assign to each wrapper.java.additional property. For more information about assigning this sequence number, see the wrapper.java.additional property description in the cross-product document, Working with the webMethods Product Suite and the Java Service Wrapper.
<location_of_truststore> is the location of the trust store file (for example, C:/deploykeystores/new/centrasitetruststore.jks).
<password_for_truststore> is the password for the trust store.
4. Go to the section #Java Additional Parameters. Add the following property lines:
wrapper.java.additional.7=-Djavax.net.ssl.trustStore="C:/deploykeystores/new/centrasitetruststore.jks"
wrapper.java.additional.8=-Djavax.net.ssl.trustStorePassword=password
5. Set the values as needed:
wrapper.java.additional.7=-Djavax.net.ssl.trustStore= represents the location of a truststore file (for example, centrasitetruststore.jks).
wrapper.java.additional.8=-Djavax.net.ssl.trustStorePassword= represents the password for a truststore.
6. Save and close the file.
7. Now restart the CentraSite Tomcat. All communication through the Mediator to the database should now be using SSL.
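A check for the custom_wrapper.conf settings from steps 3 to 6, as an added example that is not part of the CentraSite documentation: it flags reused wrapper.java.additional sequence numbers, missing truststore properties, and a truststore password still set to one of the defaults named on this page. The function name audit_wrapper_conf and the sample file content are constructed for illustration.

```python
import re

# Passwords this page names as defaults; a truststore still using one is flagged.
DEFAULT_PASSWORDS = {"password", "changeit"}
PROP = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")
SYSPROP = re.compile(r"^-D(javax\.net\.ssl\.trustStore(?:Password)?)=(.*)$")


def audit_wrapper_conf(text):
    """Return a list of findings for the truststore settings in custom_wrapper.conf text."""
    findings, seen, props = [], {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = PROP.match(line)
        if not m:
            continue
        n, value = int(m.group(1)), m.group(2)
        # The page requires <n> to be unique per wrapper.java.additional property.
        if n in seen:
            findings.append(f"line {lineno}: sequence number {n} already used on line {seen[n]}")
        else:
            seen[n] = lineno
        s = SYSPROP.match(value)
        if s:
            props[s.group(1)] = s.group(2).strip('"')
    for name in ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword"):
        if not props.get(name):
            findings.append(f"{name} is not set")
    if props.get("javax.net.ssl.trustStorePassword") in DEFAULT_PASSWORDS:
        findings.append("trustStorePassword is a documented default")
    return findings


# Constructed sample input (not from a real installation).
SAMPLE = """\
#Java Additional Parameters
wrapper.java.additional.7=-Djavax.net.ssl.trustStore="C:/deploykeystores/new/centrasitetruststore.jks"
wrapper.java.additional.7=-Djavax.net.ssl.trustStorePassword=password
"""

if __name__ == "__main__":
    for finding in audit_wrapper_conf(SAMPLE):
        print(finding)
```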