Securing communications between Process Portal and Process Federation Server

Communication between Process Portal and servers in the federated environment is secured with the Secure Sockets Layer (SSL) protocol. To secure communication, ensure that Process Portal browsers are configured with the signer certificates for Process Federation Server and each of the federated systems.

Before you begin

If Process Portal connects directly to components in the federated environment, ensure that a signer certificate is available for Process Federation Server and for each of the federated systems. If Process Portal connects through IBM HTTP Servers instead, ensure that the signer certificates are available for each of the IBM HTTP Servers.

About this task

Inbound communication to Process Federation Server is secured with Secured Sockets Layer (SSL).
A browser that displays Process Portal (or a custom client application) must have the following signer certificates:
  • If the browser connects directly to the federated environment, a signer certificate for each of the process federation servers and federated systems that it communicates with.
  • If the browser connects to the federated environment through IBM HTTP Server, a signer certificate for each of the IBM HTTP Servers.
To increase security and simplify configuration, use certificate authority (CA) signed certificates that are trusted by the users' browsers for all the components in your federated environment.

If CA-signed certificates are not used, for example, in a development or test environment, users must import signer certificates into their browsers before they use Process Portal in the federated environment. The signer certificate can be manually imported into the browser. Alternatively, the user can go to the URL for each component in the federated environment that Process Portal communicates with, and accept the certificate when prompted.

Procedure

If CA-signed certificates are not used and the certificates from the federated environment are not available in users' browsers, users can go to the URL for each of the components in the federated system and accept the associated signer certificate when prompted by the browser.

Tip: If IBM HTTP Server is used, the URL is the IBM HTTP Server URL instead of the Process Federation Server URL or the URL for the federated system.

  • From the Process Portal browser, go to a URL on each federated system, for example, the Process Portal URL: https://bpm_host.mycompany.com:9443/ProcessPortal.
    Import the signer certificate if prompted to do so by the browser.
  • From the Process Portal browser, go to a Process Federation Server URL, for example, the systems REST service: https://pfs_host.mycompany.com:9443/rest/bpm/federated/v1/systems.
    Import the signer certificate if prompted to do so by the browser.

Results

The Process Portal browser now has all the signer certificates that it requires to work properly.