Configuring SSL for application servers
You can install IBM® SPSS® Collaboration and Deployment Services Repository Server against an SSL-enabled database. Follow the steps below for your application server:
JBoss
Refer to your JBoss EAP 7.x documentation for instructions on enabling SSL/TLS. SSL is enabled by default in JBoss EAP 7.x. Make customizations as follows:
- Create a key file with Java keystore format. For
example:
keytool -genkey -alias cads822 -keyalg RSA -ext san=ip:*.**.**.** -keystore myserver.jks -validity 10950
Make sure the common name (CN) is the fully qualified domain name (FQDN) of the system where IBM SPSS Collaboration and Deployment Services Repository is installed. The
ip
is the IP address of the IBM SPSS Collaboration and Deployment Services Repository Server.If your key file is in a format other than keystore, transform it into Java keystore format first.
- Update the following SSL settings in the file cds_server.xml, located at
JBOSS_HOME\standalone\configuration:
<security-realm name="CaDSRealm"> <server-identities> <ssl> <keystore path="JBOSS_HOME\standalone\configuration\myserver.jks" keystore-password="xxxx" alias="cads822"/> </ssl> ... </security-realm>
Where the value for alias is the same name you used for creating the key file.
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="CaDSRealm"/>
<https-listener name="https" socket-binding="https" security-realm="CaDSRealm" enable-http2="true"/>
- Optional: You can make changes to port configuration. For example, change the default JBoss
HTTPS port from
8443
to443
under<socket-binding-group>
in the filecds_server.xml
:<socket-binding-group name="standard-sockets" default-interface="public" ...> <socket-binding name="http" port="80" /> <socket-binding name="https" port="443" /> ... </socket-binding-group>
Liberty
Refer to your JBoss EAP 7.x documentation for instructions on enabling SSL/TLS. SSL is enabled by default in JBoss EAP 7.x. Make customizations as follows:
- Create a key file with Java keystore format. For
example:
keytool -genkey -alias test.jks -keyalg RSA san=ip:*.**.**.** -validity 20000 -keystore test.jks
Make sure the common name (CN) is the fully qualified domain name (FQDN) of the system where IBM SPSS Collaboration and Deployment Services Repository is installed. The
ip
is the IP address of the IBM SPSS Collaboration and Deployment Services Repository Server.If your key file is in a format other than keystore, transform it into Java keystore format first.
- Update the file server.xml located at
CADS_HOME\wlp\usr\servers\cdsServer with the new keystore file
information:
<keyStore id="defaultKeyStore" location=".\test.jks" type="JKS" password="xxxx"/>
WebSphere
Refer to your WebSphere documentation for instructions on enabling SSL/TLS.