Secure Communication Between the CRR and the CAST
The communication between the CRR and the CAST components takes place via 2-way SSL authentication. For this full client/server SSL communication, the client and server must accept each other's certificates. This means that the CAST and CRR stores need to have matching certificates for the communication to work.
The CAST components have access to an SSL context to establish an SSL (HTTPS) connection to the CRR. The SSL authentication establishes a trusted relationship between the CentraSite Server on the CAST and the CRR. Therefore no user re-authentication needs to be performed by the CRR.
The CentraSite installation comes with self-signed certificates from Software AG.
You can configure a secure communication between the CRR and CAST by executing the following commands in the command line interface CentraSiteCommand.cmd (Windows) or CentraSiteCommand.sh (UNIX) of Command Central. The command line tool is located in <SuiteInstallDir>/CentraSite/utilities.
If you start this command line tool with no parameters, you receive a help text summarizing the required input parameters.
The parameters of the command are case-sensitive, so for example the parameter -file must be specified as shown and not as -FILE.
Note: | Keep in mind that you must execute the AST or RR command on the machine hosting an CAST or CRR environment. |
You can disable the SSL communication between the CRR and the CAST components. However, Software AG strongly recommends you not to do this, because it opens a potential security risk.