Setting Security Configuration for CentraSite Registry Repository
To configure the secure communication for CentraSite Registry Repository (CRR) through the Command Line Interface, you must have the CentraSite Administrator role.
To define the SSL security values for use in the CentraSite Registry Repository environment from the command line, you must perform the following high-level steps:
Create a script (
RR-config.xml) file.
Execute the configuration file with appropriate input parameters.
To set the security configuration for registry repository
1. Create a RR configuration file, RR-config.xml, to define the SSL security values specific for Application Server Tier environment.
The configuration file RR-config.xml should look as follows:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="com.softwareag.centrasite.security.keyStore">
C:/SoftwareAG/CentraSite/test/files/certs/castcert.p12
</entry>
<entry key="com.softwareag.centrasite.security.keyStorePassword">
cscert
</entry>
<entry key="com.softwareag.centrasite.security.keyStoreType">PKCS12
</entry>
<entry key="com.softwareag.centrasite.security.trustStore">
C:/SoftwareAG/CentraSite/test/files/certs/casttrust.p12
</entry>
<entry key="com.softwareag.centrasite.security.trustStorePassword">
cscert
</entry>
<entry key="com.softwareag.centrasite.security.trustStoreType">
PKCS12
</entry>
<entry key="com.softwareag.centrasite.security.crr.trustStore">
C:/SoftwareAG/CentraSite/test/files/certs/crrtrust.pem
</entry>
<entry key="com.softwareag.centrasite.security.crr.certificate">
C:/SoftwareAG/CentraSite/test/files/certs/crrcert.crt
</entry>
<entry key="com.softwareag.centrasite.security.crr.keyFile">
C:/SoftwareAG/CentraSite/test/files/certs/crr.key
</entry>
<entry key="com.softwareag.centrasite.security.crr.storePassword">
cscert
</entry>
</properties>
Examine the RR-config.xml file. It contains at least the XML namespace used for providing uniquely named elements and attributes.
The key and certificate files need to be in an OpenSSL readable format. The CA file needs to be in PEM format.
The default configuration, the same CA certificate is used for both client and server certificates.
2. To examine and modify the server parameters, run the command inoadmin setproperty CentraSite.
The syntax is of the format: inoadmin setproperty CentraSite <PropertyName> <PropertyValue> norestart
Example (all in one line):
inoadmin setproperty CentraSite "SSL certificate file" "C:/SoftwareAG/CentraSite/files/certs/custom_cacert.pem" norestart
3. To define the SSL security values for CRR, run the command set SSL RR.
The syntax is of the format: C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set SSL RR -url <CENTRASITE-URL> -user <USER-ID> -password <PASSWORD> -file <CONFIG-FILE>
The input parameters are:
Parameter | Description |
CENTRASITE-URL | The URL of the CentraSite registry. For example, http://localhost:53313/CentraSite/CentraSite. |
USER-ID | The user ID of a registered CentraSite user who has the CentraSite Administrator role. For example, Administrator. |
PASSWORD | The password for the registered CentraSite user identified by the parameter USER-ID. |
CONFIG-FILE | The absolute or relative path to the XML configuration file, RR-config.xml, containing the security properties. If relative, the path should be relative to the location from where the command is executed. |
Note:
If you change the default configuration, this command modifies the SSL configuration for RR. A time stamped archive of the previous configuration will be available in the configuration file cast-config.YYYY-MM-DD_HH-MM-SS.xml in the folder <CentraSiteInstall_Directory>/cfg/archive.
Example (all in one line):
C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set SSL RR -url http://localhost:53313/CentraSite/CentraSite -user Administrator -password manage -file RR-config.xml
The response to this command could be:
Executing the command : set SSL RR
Successfully executed the command : set SSL RR