Preparing to Configure SSL in Integration Server
 
Configuring an Integration Server for SSL consists of some common tasks regardless of whether you are configuring Integration Server as an SSL server or an SSL client. Primarily, these common tasks are related to the preparation of certificates needed for SSL.
To prepare Integration Server for SSL configuration, complete the following high-level tasks:
1. Create public/private keys and certificates. This is required for one-way and two-way SSL authentication. Activities include:
* Generating a public key/private key pair.
* Generating a certificate signing request (CSR) and sending it to the certificate authority (CA) for signing.
* Receiving the validated certificate from the CA.
* Importing the signed certificate into a keystore.
For information about creating public/private keys and certificates, refer to the documentation for Java keytool or your certificate management tool.
2. Create keystore and truststore. This is required for one-way and two-way SSL authentication. Activities include:
* Creating a keystore and importing the signed certificate and private key.
* Creating a truststore and importing the certificate of the signing CA.
* Storing the keystore and truststore in a secure IS certificates directory.
* Creating aliases for the keystore and truststore. For information, see Creating a Keystore.
Important:
If you use Oracle keytool to create the keystore, you cannot import an existing private key. You can use other tools such as OpenSSL or Portecle.
For information about creating keystores and truststores, refer to the documentation for your certificate management tool.
3. Obtain certificates of partner application or resource and, if necessary, create certificate mappings. Obtaining certificates is required for both one-way and two-way SSL connections. Creating certificate mappings is required for two-way SSL authentication and when Integration Server is acting as an SSL server.
Activities include using Integration Server Administrator to save the following:
* Signed certificate of the CA for the partner's SSL certificate.
* Signed certificate of the partner application (for two-way SSL connections where Integration Server is acting as an SSL server).
For more information about importing certificates and certificate mappings, see Importing a Client Certificate and Mapping It to a User.
4. Specify SSL certificates and keys for Integration Server. This is required for one-way and two-way SSL authentication.
Activities include using Integration Server Administrator to set the following:
* The SSL key used to identify Integration Server.
* The private key used to sign outgoing documents, messages, and data streams.
* The private key used for decrypting inbound documents, messages, and data streams.
For more information about setting SSL keys for Integration Server, see Specifying Integration Server SSL Certificates and Keys.
After you prepare the certificates and keys needed for SSL, you can proceed with configuration of Integration Server as an SSL server and/or SSL client.
* Configuration of Integration Server as an SSL server includes creating ports, specifying disabled protocols, and specifying allowed cipher suites. For more information, see Configuring Integration Server as an SSL Server.
* Configuration of Integration Server as an SSL client includes specifying disabled protocols and setting allowed cipher suites. For more information, see Configuring Integration Server as an SSL Client.
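
Tasks 1 and 2 above, carried out with OpenSSL and keytool, as an added example that is not taken from the product documentation. A throwaway test CA stands in for the real CA so the flow runs offline; the file names, subject names, entry aliases, the `KS_PASS`/`TS_PASS` variables and the choice of PKCS12 and JKS store types are assumptions.

```bash
#!/usr/bin/env bash
# Added example; file names, subjects and aliases are constructed placeholders.
# Store passwords come from KS_PASS / TS_PASS so they stay off the command line.

# Constructed stand-in for the external CA, so the flow runs offline.
make_test_ca() {   # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Task 1: key pair + CSR, then the CA signs the CSR (here: the test CA).
issue_server_cert() {   # $1 = working directory
  ( umask 077   # private key file readable by the owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=is.example.internal" \
      -keyout "$1/is.key" -out "$1/is.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/is.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
      -CAcreateserial -days 30 -out "$1/is.pem" 2>/dev/null )
}

# Check before packaging: the certificate chains to the CA and carries the
# public key that belongs to our private key.
cert_matches_key() {   # $1 = working directory
  openssl verify -CAfile "$1/ca.pem" "$1/is.pem" >/dev/null 2>&1 || return 1
  [ "$(openssl pkey -in "$1/is.key" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$1/is.pem" -noout -pubkey 2>/dev/null)" ]
}

# Task 2: import the existing private key and signed certificate into a
# PKCS12 keystore with OpenSSL (the case the Important note describes).
make_keystore() {   # $1 = working directory, $2 = entry alias for the key
  ( umask 077
    openssl pkcs12 -export -inkey "$1/is.key" -in "$1/is.pem" -certfile "$1/ca.pem" \
      -name "$2" -passout env:KS_PASS -out "$1/keystore.p12" )
}

# Read the keystore back and print the subject of the certificate stored with the key.
keystore_subject() {   # $1 = working directory
  openssl pkcs12 -in "$1/keystore.p12" -passin env:KS_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -subject -nameopt RFC2253
}

# Task 2: truststore holding only the signing CA certificate (needs a JDK for keytool).
make_truststore() {   # $1 = working directory, $2 = entry alias for the CA
  keytool -importcert -noprompt -alias "$2" -file "$1/ca.pem" \
    -keystore "$1/truststore.jks" -storetype JKS -storepass:env TS_PASS
}
```

Export `KS_PASS` and `TS_PASS`, then call the functions in the order shown with a working directory as the first argument. With a real CA, the CSR in `is.csr` is sent out for signing and the returned certificate and CA certificate take the place of `is.pem` and `ca.pem`.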