Software AG Products 10.7 | Administering CentraSite | Configuring CentraSite | Configuring Secure Communication Between Components | Securing Communication Between the CRR and the CAST | Setting Security Configuration for CentraSite Application Server Tier Components
 
Setting Security Configuration for CentraSite Application Server Tier Components
To configure the secure communication for CentraSite Application Server Tier (CAST) through the Command Line Interface, you must have the CentraSite Administrator role.
You can define the SSL security values for use in the CentraSite Application Server Tier environment. CentraSite provides a command named set SSL RR for this purpose. To define the SSL security values for CentraSite Application Server Tier, you must perform the following high-level steps:
*Create a script (AST-config.xml) file.
*Execute the configuration file with appropriate input parameters.
*To set the security configuration for CentraSite application server tier components
1. Create a AST configuration file, AST-config.xml, to define the SSL security values specific for Application Server Tier environment.
The configuration file AST-config.xml should look as follows:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="com.softwareag.centrasite.security.keyStore">
C:/SoftwareAG/CentraSite/test/files/certs/castcert.p12
</entry>
<entry key="com.softwareag.centrasite.security.keyStorePassword">
cscert
</entry>
<entry key="com.softwareag.centrasite.security.keyStoreType">
PKCS12
</entry>
<entry key="com.softwareag.centrasite.security.trustStore">
C:/SoftwareAG/CentraSite/test/files/certs/casttrust.p12
</entry>
<entry key="com.softwareag.centrasite.security.trustStorePassword">
cscert
</entry>
<entry key="com.softwareag.centrasite.security.trustStoreType">
PKCS12
</entry>
</properties>
Examine the AST-config.xml file. It contains at least the XML namespace used for providing uniquely named elements and attributes.
Note:
When AST and RR components are authenticated with the 2-way SSL environment, the authentication does not work if the security configuration of one of the components AST or RR is modified. So if you intend to modify the default security configuration, ensure that you modify the configuration for both components AST and CRR. In addition, ensure that you execute the set SSL RR command before you execute the set SSL AST command.
2. To define the SSL security values for CAST, run the command set SSL RR.
The syntax is of the format: C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set SSL AST -url <CENTRASITE-URL> -user <USER-ID> -password <PASSWORD> -file <CONFIG-FILE>
The input parameters are:
Parameter
Description
-url
The URL of the CentraSite registry. For example, http://localhost:53307/CentraSite/CentraSite.
-user
The user ID of a registered CentraSite user who has the CentraSite Administrator role. For example, Administrator.
-password
The password for the registered CentraSite user identified by the parameter -user.
-file
The absolute or relative path to the XML configuration file, AST-config.xml, containing the security properties. If relative, the path should be relative to the location from where the command is executed.
Note:
If you change the default configuration, this command modifies the SSL configuration for RR. A time stamped archive of the previous configuration will be available in the configuration file cast-config.YYYY-MM-DD_HH-MM-SS.xml in the folder <CentraSiteInstall_Directory>/cfg/archive.
Example:
C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set SSL AST -url http://localhost:53307/CentraSite/CentraSite -user Administrator -password manage -file AST-config.xml
The response to this command could be:
Executing the command : set SSL AST

Successfully executed the command : set SSL AST