Setting up Content Platform Engine and client transport SSL security
Configuring SSL enables secure communications between the Content Platform Engine and the directory service, as well as between Content Platform Engine clients and the Content Platform Engine server.
About this task
Important: It is a best practice to enable SSL for the Content Engine and Process Engine web services (CEWS and PEWS). Authentication over these two web services is usually performed by providing username and password credentials. If these web services are not configured to run over an SSL connection, clear text passwords will be sent across the network. (However, this is not true when Kerberos-based authentication is used. Kerberos authentication is available only for the Content Platform Engine web service.) The option not to use SSL over these two web services is provided primarily for development systems or other non-production systems where the security provided by SSL might not be required.
It is also a best practice to enable TLS/SSL for EJB transport because unencrypted user passwords might be sent in default configurations. Configuring EJB transport for the secure exchange of credentials and payloads is application server-specific.
- The Content Platform Engine web service is used:
  - By all clients of the Content Platform Engine .NET API
  - By all clients of the Content Platform Engine COM Compatibility API (CCL)
  - By the FileNet® Deployment Manager tool
  - By Component Manager
- Certain Java™ applications (written against the Content Platform Engine Java API) might use the Content Platform Engine web service transport, but typically they would use EJB transport (IIOP or T3 protocol).