Configuring SSL and server transport settings for the embedded web application server

If you installed a secure Lightweight Directory Access Protocol (LDAPS) server that supports secure sockets layer (SSL) or transport layer security (TLS) encryption, you must specify information that enables the administration console and user applications to communicate with the server to authenticate users. If the system is configured to use WebSphere® Application Server, SSL settings must be configured through WebSphere Application Server global security.

About this task

There are two aspects to configuring support for SSL in the Watson Content Analytics system:
  • Enable support for secure HTTPS communication between the Watson Content Analytics servers and user applications (the content analytics miner and enterprise search applications). To enable this support, you must import a keystore file and activate HTTPS transport settings.
  • Enable support for LDAP over SSL. Enabling this support involves cross-certification between the Watson Content Analytics server and LDAPS server, and configuring the embedded application server to use the LDAPS server to authenticate users. You must configure your LDAP server to support SSL before you attempt to use the server with Watson Content Analytics. For details, see the documentation for your LDAP server product.

Procedure

To configure SSL and server transport settings:

  1. Configure the embedded application server to support the HTTPS transport protocol.
    1. Purchase a digital certificate from a certificate authority and prepare a keystore file.
      Tip: If you want to use a self-signed certificate for test or development purposes, you can create a certificate by using the keytool tool. This tool is bundled with the Java runtime environment (JRE) at ES_INSTALL_ROOT/_jvm/bin/keytool. See the Java documentation if you need information about using the tool.
    2. In the administration console, click Security to open the Security view, and then click Actions > Configure SSL and server transport settings.
    3. Click Browse to locate the keystore file that you prepared, and specify the password for the file.
    4. Select the check boxes to enable HTTPS for the administration console and user applications, and specify the port numbers that you want to use for encrypted communications. Clear or select the check boxes to support HTTP communication, as appropriate for your environment, and specify the correct HTTP port numbers.
    5. Click OK to import the keystore file and to save the HTTPS and HTTP values that you specified.
    6. Restart the administration console. If any user applications are running, restart them. Because the certificate is not recognized as certified by your browser, you might see a warning message that indicates it is an untrusted certificate. You can ignore this message.
  2. Configure the embedded application server to use your LDAPS server to authenticate users.
    1. In the administration console, click Security to open the Security view, and then click Actions > Configure SSL and server transport settings.
    2. Click Download Keystore to download the keystore file that you previously imported into the Watson Content Analytics server.
    3. Import the LDAP server certificate into the downloaded keystore file and save it as a trusted certificate.
    4. On the Configure SSL and Server Transport Settings page, click Browse to locate the keystore file that you updated, and specify the password for the file.
    5. Click OK to import the keystore file. The Watson Content Analytics server can now recognize the LDAP server as a trusted server.
  3. Test the connection to the LDAPS server:
    1. On the Security view of the administration console, click Actions > Configure application login settings.
    2. Configure the LDAP server connection and filter properties, but do not select the Use LDAP over SSL (LDAPS) check box. Specify the non-SSL LDAP server port number, such as 389. Test the connection and filters to ensure that communication between the Watson Content Analytics server and LDAP server is working correctly.
    3. Select the Use LDAP over SSL (LDAPS) check box and change the connection port number to the LDAPS server port, such as 636. Test the connection and filters to ensure that communication between the Watson Content Analytics server and LDAPS server is working correctly.
  4. Restart the Watson Content Analytics system:

    esadmin system stopall
    esadmin system startall
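
The keystore work in steps 1.1 and 2.3 can be scripted with keytool as in the following added example, which is not part of the product documentation or IBM tooling. The function names, the aliases wca-test and ldaps-server, and the file arguments are assumptions chosen for illustration. The LDAP server certificate is imported only after its SHA-256 fingerprint matches a value obtained out of band from the LDAP administrator.

```shell
#!/bin/sh
# Added example. keytool is assumed to be on PATH; the bundled copy is at
# ES_INSTALL_ROOT/_jvm/bin/keytool. No -storepass option is passed, so keytool
# prompts for the keystore password and it stays out of the process list.

# Step 1.1 (tip): self-signed key pair, for test or development only.
make_test_keystore() {   # usage: make_test_keystore KEYSTORE HOSTNAME
    keytool -genkeypair -alias wca-test -keyalg RSA -keysize 2048 \
        -validity 90 -dname "CN=$2" -keystore "$1"
}

# Print the SHA-256 fingerprint of the first certificate in a file, upper-cased.
cert_sha256() {   # usage: cert_sha256 CERT_FILE
    keytool -printcert -file "$1" |
        awk '/SHA-?256:/ { print toupper($2); exit }'
}

# Step 2.3: import the LDAP server certificate as a trusted entry, but only
# when its fingerprint equals the expected value.
trust_ldap_cert() {   # usage: trust_ldap_cert KEYSTORE CERT_FILE EXPECTED_SHA256
    actual=$(cert_sha256 "$2")
    expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got '$actual', expected '$expected'" >&2
        return 1
    fi
    # -noprompt skips the interactive trust question; the check above replaces it.
    keytool -importcert -noprompt -alias ldaps-server \
        -file "$2" -keystore "$1" || return 1
    # List the new entry so the operator can confirm it is a trusted certificate.
    keytool -list -alias ldaps-server -keystore "$1"
}
```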