Configuring SSL for application servers

You can install IBM® SPSS® Collaboration and Deployment Services Repository Server against an SSL-enabled database. Follow the steps below for your application server:

JBoss

Refer to your JBoss EAP 7.x documentation for instructions on enabling SSL/TLS. SSL is enabled by default in JBoss EAP 7.x. Make customizations as follows:

  1. Create a key file with Java keystore format. For example:
    keytool -genkey -alias cads822  -keyalg RSA -ext san=ip:*.**.**.**  -keystore myserver.jks -validity 10950

    Make sure the common name (CN) is the fully qualified domain name (FQDN) of the system where IBM SPSS Collaboration and Deployment Services Repository is installed. The ip is the IP address of the IBM SPSS Collaboration and Deployment Services Repository Server.

    If your key file is in a format other than keystore, transform it into Java keystore format first.

  2. Update the following SSL settings in the file cds_server.xml, located at JBOSS_HOME\standalone\configuration:
    <security-realm name="CaDSRealm">
<server-identities>
<ssl>
<keystore path="JBOSS_HOME\standalone\configuration\myserver.jks" keystore-password="xxxx" alias="cads822"/>
</ssl>
...
</security-realm>

    Where the value for alias is the same name you used for creating the key file.

    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="CaDSRealm"/>
    <https-listener name="https" socket-binding="https" security-realm="CaDSRealm" enable-http2="true"/>
  3. Optional: You can make changes to port configuration. For example, change the default JBoss HTTPS port from 8443 to 443 under <socket-binding-group> in the file cds_server.xml:
    <socket-binding-group name="standard-sockets" default-interface="public" ...>
<socket-binding name="http" port="80" />
<socket-binding name="https" port="443" />
...
</socket-binding-group>

Liberty

Refer to your JBoss EAP 7.x documentation for instructions on enabling SSL/TLS. SSL is enabled by default in JBoss EAP 7.x. Make customizations as follows:

  1. Create a key file with Java keystore format. For example:
    keytool -genkey -alias test.jks -keyalg RSA san=ip:*.**.**.**  -validity 20000 -keystore test.jks

    Make sure the common name (CN) is the fully qualified domain name (FQDN) of the system where IBM SPSS Collaboration and Deployment Services Repository is installed. The ip is the IP address of the IBM SPSS Collaboration and Deployment Services Repository Server.

    If your key file is in a format other than keystore, transform it into Java keystore format first.

  2. Update the file server.xml located at CADS_HOME\wlp\usr\servers\cdsServer with the new keystore file information:
    <keyStore id="defaultKeyStore" location=".\test.jks" type="JKS" password="xxxx"/>

WebSphere

Refer to your WebSphere documentation for instructions on enabling SSL/TLS.