Securing the Central Configurator in My webMethods Server
Communications between the configuration portlets and the back-end web application can be secured even if the primary My webMethods Server instance is not. This is because the Central Configurator web application creates its own Glue-based HTTP server, which can be configured to require SSL for its inbound connections. To enable SSL in the Central Configurator, several configuration files must be changed manually. The SSL key and trust stores are configured through the My webMethods Server server.properties batch or shell script.
The "server.properties.bat" (Windows) or "server.properties.sh" (Unix) file contains the environment settings for the My webMethods Server instance. The JVM, debug, SSL, JMX, HTTP and other options are specified in this file. For SSL, the key and trust store variables define the key and trust store file locations, their type, and the access password. Note that once the My webMethods Server instance is started or restarted, the values of the password variables will be encrypted. For more information see Administering My webMethods Server.
To secure the Central Configurator in My webMethods Server
1. In Windows, open the Software AG_directory\MWS\server\default\bin\server.properties.bat file. If you have a Unix-based system, the filename will be server.properties.sh.
2. Edit the appropriate section of the file based on the example that follows. Note that the paths and values shown may not be applicable to your system configuration:
# SSL Properties
set.JAVA_KEYSTORE=Software AG_directory\MWS\server\default\config\security\localhost.p12
set.JAVA_KEYSTORETYPE=pkcs12
set.JAVA_KEYSTORE_PASSWORD=encrypted_password
set.JAVA_TRUSTSTORE=Software AG_directory\MWS\server\default\config\security\sagdemoca.jks
set.JAVA_TRUSTSTORETYPE=jks
set.JAVA_TRUSTSTORE_PASSWORD=encrypted_password
3. Save your changes to the server.properties.bat (or server.properties.sh) file and close it.
4. Open the Software AG_directory\MWS\server\default\config\engine\GlueServiceRegistryProperties.xml file.
5. Locate the web service protocol configuration, and update it from “http” to “https”.
6. Save and close the GlueServiceRegistryProperties.xml file.
7. Restart My webMethods Server and examine the log to verify that it started cleanly.
8. Open the Software AG_directory\optimize\<component>\conf\system\EndpointRegistry.xml file in an appropriate text editor. Note that <component> should be replaced with the Optimize component for which SSL is being configured.
9. Edit the Configuration Agent protocol entry to be https.
To save time, you can change the protocol for all applicable web services at the same time, if it makes sense for your situation.
10. Open the Software AG_directory\optimize\<component>\conf\glue\GlueSSLProperties.xml file in an appropriate text editor. Note that <component> should be replaced with the Optimize component for which SSL is being configured.
11. Edit the appropriate section of the file based on the example that follows. Note that the paths and values shown may not be applicable to your system configuration:
<entry key="keyStore">./security/ssl/glueKeyStore.jks</entry>
<entry key="keyStoreType">jks</entry>
<entry key="keyStorePasswordHandle">keyStoreHandle</entry>
<entry key="trustStore">./security/ssl/glueTrustStore.jks</entry>
<entry key="trustStoreType">jks</entry>
<entry key="trustStorePasswordHandle">trustStoreHandle</entry>
Note: Paths must be relative to Software AG_directory\optimize\<component>\conf. For further information on adding a password-handle to the Optimize Password Manager, see webMethods Password Administrator Utility.
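As an added example (not part of the product documentation or of Software AG's tooling), the following Python check lints the GlueSSLProperties.xml entries from step 11 before a restart, flagging missing entries, absolute store paths, unrecognized store types, and typographic quotes that make the XML unparseable. The function name, the <properties> root element, and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path, PurePosixPath, PureWindowsPath

STORE_TYPES = {"jks", "pkcs12"}  # the two store types used on this page
REQUIRED = ("keyStore", "keyStoreType", "keyStorePasswordHandle",
            "trustStore", "trustStoreType", "trustStorePasswordHandle")

def check_glue_ssl(xml_text, conf_dir=None):
    """Return a list of problems in GlueSSLProperties.xml-style entries."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        # Typographic quotes pasted from documentation land here.
        return [f"not well-formed XML: {err}"]
    entries = {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}
    problems = [f"{k}: missing or empty" for k in REQUIRED if not entries.get(k)]
    for store in ("keyStore", "trustStore"):
        path = entries.get(store, "")
        if PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute():
            problems.append(f"{store}: must be relative to conf, got {path}")
        elif path and conf_dir and not (Path(conf_dir) / path).is_file():
            problems.append(f"{store}: no such file under {conf_dir}: {path}")
        stype = entries.get(store + "Type", "")
        if stype and stype.lower() not in STORE_TYPES:
            problems.append(f"{store}Type: unrecognized store type {stype!r}")
    return problems

# Constructed samples; the <properties> root element is an assumption.
GOOD = """<properties>
<entry key="keyStore">./security/ssl/glueKeyStore.jks</entry>
<entry key="keyStoreType">jks</entry>
<entry key="keyStorePasswordHandle">keyStoreHandle</entry>
<entry key="trustStore">./security/ssl/glueTrustStore.jks</entry>
<entry key="trustStoreType">jks</entry>
<entry key="trustStorePasswordHandle">trustStoreHandle</entry>
</properties>"""
BAD = GOOD.replace(">jks<", ">jsk<", 1) \
          .replace("./security/ssl/glueTrustStore.jks", "C:\\certs\\trust.jks") \
          .replace('<entry key="trustStorePasswordHandle">trustStoreHandle</entry>', "")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_glue_ssl(text) or "ok")
```

Pass the component's conf directory as conf_dir to also confirm that each store file exists at the relative path given.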
There are several ways to verify SSL configuration. If you are running the Analytic Engine as a console application on a Windows server, you can check the console window.