If you installed a secure Lightweight Directory Access Protocol (LDAPS) server that supports secure sockets layer (SSL) or transport layer security (TLS) encryption, you must specify information that enables the administration console and user applications to communicate with the server to authenticate users. If the system is configured to use WebSphere® Application Server, SSL settings must be configured through WebSphere Application Server global security.
About this task
There are two aspects to configuring support for SSL in the Watson Content Analytics system:
- Enable support for secure HTTPS communication between the Watson Content Analytics servers and user applications (the content analytics miner and enterprise search applications). To enable this support, you must import a keystore file and activate HTTPS transport settings.
- Enable support for LDAP over SSL. Enabling this support involves cross-certification between the Watson Content Analytics server and LDAPS server, and configuring the embedded application server to use the LDAPS server to authenticate users. You must configure your LDAP server to support SSL before you attempt to use the server with Watson Content Analytics. For details, see the documentation for your LDAP server product.
Procedure
To configure SSL and server transport settings:
- Configure the embedded application server to support the HTTPS transport protocol.
  - Purchase a digital certificate from a certificate authority and prepare a keystore file.
    Tip: If you want to use a self-signed certificate for test or development purposes, you can create a certificate by using the keytool tool. This tool is bundled with the Java runtime environment (JRE) in the ES_INSTALL_ROOT/_jvm/bin/keytool directory. See the Java documentation if you need information about using the tool.
  - In the administration console, click Security to open the Security view, and then click .
  - Click Browse to locate the keystore file that you prepared, and specify the password for the file.
  - Select the check boxes to enable HTTPS for the administration console and user applications, and specify the port numbers that you want to use for encrypted communications. Clear or select the check boxes to support HTTP communication, as appropriate for your environment, and specify the correct HTTP port numbers.
  - Click OK to import the keystore file and to save the HTTPS and HTTP values that you specified.
  - Restart the administration console. If any user applications are running, restart them. Because the certificate is not recognized as certified by your browser, you might see a warning message that indicates it is an untrusted certificate. You can ignore this message.
- Configure the embedded application server to use your LDAPS server to authenticate users.
  - In the administration console, click Security to open the Security view, and then click .
  - Click Download Keystore to download the keystore file that you previously imported into the Watson Content Analytics server.
  - Import the LDAP server certificate into the downloaded keystore file and save it as a trusted certificate.
  - On the Configure SSL and Server Transport Settings page, click Browse to locate the keystore file that you updated, and specify the password for the file.
  - Click OK to import the keystore file. The Watson Content Analytics server can now recognize the LDAP server as a trusted server.
  - Test the connection to the LDAPS server:
    - On the Security view of the administration console, click .
    - Configure the LDAP server connection and filter properties, but do not select the Use LDAP over SSL (LDAPS) check box. Specify the non-SSL LDAP server port number, such as 389. Test the connection and filters to ensure that communication between the Watson Content Analytics server and LDAP server is working correctly.
    - Select the Use LDAP over SSL (LDAPS) check box and change the connection port number to the LDAPS server port, such as 636. Test the connection and filters to ensure that communication between the Watson Content Analytics server and LDAPS server is working correctly.
- Restart the Watson Content Analytics system:
    esadmin system stopall
    esadmin system startall
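
The two keystore tasks in this procedure (creating a self-signed test certificate, and importing the LDAP server certificate as a trusted certificate) can be done with keytool as sketched below. This is an added example, not part of the product documentation. The function names, alias names, file names, and subject name are hypothetical placeholders, and it assumes that ES_INSTALL_ROOT is set in your shell and that the keystore uses the bundled JRE's default keystore type.

```shell
#!/bin/sh
# Added example: keytool wrappers for the keystore steps in the procedure.
# Assumptions: ES_INSTALL_ROOT is set to the installation directory, and the
# aliases and file names passed in are placeholders chosen by you.
# keytool prompts for the keystore password, so the password does not appear
# in the process list or in the shell history.
KEYTOOL="${KEYTOOL:-$ES_INSTALL_ROOT/_jvm/bin/keytool}"

# Create a keystore that holds a self-signed certificate (test or development).
# usage: make_test_keystore KEYSTORE_FILE SERVER_HOST_NAME
make_test_keystore() {
    [ $# -eq 2 ] || { echo "usage: make_test_keystore KEYSTORE HOSTNAME" >&2; return 2; }
    [ ! -e "$1" ] || { echo "refusing to overwrite existing file: $1" >&2; return 1; }
    "$KEYTOOL" -genkeypair -alias wca-test -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$2" -keystore "$1"
}

# Import the LDAP server certificate into the downloaded keystore file as a
# trusted certificate.
# usage: import_ldap_cert KEYSTORE_FILE LDAP_CERT_FILE ALIAS
import_ldap_cert() {
    [ $# -eq 3 ] || { echo "usage: import_ldap_cert KEYSTORE CERT ALIAS" >&2; return 2; }
    [ -f "$1" ] || { echo "keystore not found: $1" >&2; return 1; }
    [ -s "$2" ] || { echo "certificate file missing or empty: $2" >&2; return 1; }

    # Print subject, issuer, validity, and fingerprints. Compare the
    # fingerprint with the value that your LDAP administrator gives you
    # through a separate channel before you trust the certificate.
    "$KEYTOOL" -printcert -file "$2" || return 1

    # -noprompt is deliberately omitted: when keytool cannot chain the
    # certificate to an entry that the keystore already trusts, it displays
    # the certificate and asks for confirmation.
    "$KEYTOOL" -importcert -alias "$3" -file "$2" -keystore "$1" || return 1

    # The new entry should be listed with the type trustedCertEntry.
    "$KEYTOOL" -list -v -alias "$3" -keystore "$1"
}

# Example calls (file names are placeholders):
#   make_test_keystore wca-test.jks wca.example.com
#   import_ldap_cert downloaded-keystore.jks ldap-server.cer ldap-server
```

After the import, upload the updated keystore file on the Configure SSL and Server Transport Settings page as described in the procedure.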