Configuring CentraSiteCommand to Use SSL
Pre-requisites:
To configure CentraSiteCommand tool to use SSL, you must have the CentraSite Administrator role.
You can configure CentraSiteCommand tool to communicate with CentraSite Application Server Tier through secure HTTP (HTTPS) connection. When configuring CentraSiteCommand tool to use HTTPS with Secure Sockets Layer (SSL), the necessary keystores and truststores must be set in order to access the required security databases and certificates. The truststore should contain a certificate that is accepted by the Tomcat. A list of certificates that are accepted by Software AG Runtime is defined by the keystore entries in the <SoftwareAG_directory>/profiles/CTP/configuration/com.softwareag.platform.config.propsloader/com.soeag.catalina.connector.https.pid-CentraSite.properties file.
Default keystore is <Software AG_directory>/profiles/CTP/configuration/tomcat/conf/localhost_dont_use_in_production.jks.
To configure CentraSiteCommand to use SSL
1. Using KeyStore Explorer, open the Tomcat keystore (localhost_dont_use_in_production.jks).
2. Right-click on the keypair, and choose Export > Export Certificate Chain.
3. Export the full certificate chain into the Software AG_directory:
<Software AG_directory>/profiles/CTP/configuration/tomcat/conf/centrasite.cer
4. Create a keystore (centrasitekeystore.jks) in JKS format to use for SSL.
5. Choose Tools > Import Trusted Certificate to add the exported certificate to the keystore.
6. Select and import the self-signed certificate (centrasite.cer) into the new keystore (centrasitekeystore.jks).
7. Create a keystore alias using the keystore (centrasitekeystore.jks).
For more information on creating a keystore alias, see webMethods Integration Server Administrator’s Guide in the documentation set for webMethods Integration Server.
Note: The keystore alias should match the host name of the machine where CentraSite is installed.
8. Save the keystore alias (centrasitekeystore.jks) into the CentraSiteCommand directory:
<Software AG_directory>/CentraSite/utilities
When prompted for a password to save the keystore alias, the default for keystores and truststores is change_this_password.
9. Enter the name of the new keystore alias as centrasitekeystore.jks.
10. Open the CentraSiteCommand.cmd file in a text editor. You can find the CentraSiteCommand.cmd file in the following location:
<Software AG_directory>/CentraSite/utilities
11. Locate the parameter setting SET FINAL_CMD=%CS_JAVA_EXE%.
SET FINAL_CMD=%CS_JAVA_EXE% -Dinstallpath=%CENTRASITE_HOME% -DextensionCommand=%CENTRASITE_HOME%\utilities\ExtensionCommand.xml -Dlog4j.configuration=file:%CENTRASITE_HOME%\utilities\log4j.xml -Djava.util.logging.config.file=%CENTRASITE_HOME%\utilities\logging.properties -cp %LOCAL_CLASSPATH% com.softwareag.centrasite.administration.cli.CentrasiteCommand %*
12. Add the SSL parameter setting:
-Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=myPass -Djavax.net.ssl.trustStoreType=jks
13. Save and close the file. CentraSiteCommand should now be using SSL.