Planning for a secure communication with IBM Content Navigator

You must configure an HTTPS connection with both server authentication and client authentication.

For the server authentication, you need a certificate for the Collector Server instance, which you store in the SSL keystore. For the client authentication, you need a certificate from the web application server that hosts IBM Content Navigator. You usually store this certificate in the keystore for trusted certificates, the SSL truststore.

Both the SSL keystore and the SSL truststore are protected by passwords that you specify when you start the Collector Server instance and that are stored in the password file.

Create an SSL keystore and an SSL truststore for each instance of Collector Server. Store the SSL keystore and SSL truststore anywhere on the system where Collector Server is installed. It is good practice, however, to store them in the instance directory. Make sure that they are properly protected in your file system.

If the Collector Server instance also communicates with SAP, you must use the same Collector Server instance and the same SSL truststore as for the HTTPS communication with SAP.

To create the SSL keystore, the SSL truststore, and the certificates and to export and import the certificates, you can use the Java™ Keytool or the IBM Key Management Utility (IKEYMAN). Both tools are part of the IBM Java Runtime Environment (JRE) that is supplied with Content Collector for SAP.

For information about how to set up the connection to IBM Content Navigator, see Configuring the communication with IBM Content Navigator.