Configuring SSL for Box

Enable SSL on the application server for each instance of IBM Content Navigator to access the Box application.

Procedure

To configure SSL for Box, complete the following steps:

  1. Log in to the WebSphere Application Server Admin console where IBM Content Navigator is deployed.
  2. Go to the appropriate Signer certificates control option.
    • For cluster configuration, go to Security > SSL certificate and Key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    • For stand-alone configuration, go to Security > SSL certificate and Key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
  3. Click Retrieve from port.
  4. Specify the Box host name URL for your specific Box application.
    For example, in the Host field, enter ecmdev.app.box.com, and in the Port field, enter 443.
  5. Provide an alias name for your specific Box application certificate.
    For example, boxecm.
  6. Click Retrieve signer information.
  7. Save the certificate, and save your changes.
  8. Repeat steps 2 to 7 to retrieve the certificate from the box.com host with port 443.
  9. Restart all instances of the IBM Content Navigator server.

    If your version of WebSphere is not up to date with the POODLE vulnerability fix, also complete the following steps:

    1. Go to Servers > Server Types > WebSphere application servers.
    2. For each IBM Content Navigator server, click the server name > Java and Process Management > Process definition > Java Virtual Machine.
    3. For generic JVM arguments, add the argument -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2.
    4. Save your changes.
    5. Restart all instances of the IBM Content Navigator server.

    For more information about the POODLE vulnerability, see Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566).

What to do next

If you want to add a Box repository to an IBM Content Navigator that is running in a WebLogic Server environment that uses SSL, you must add the following JVM parameter to the WebLogic Server startup configuration settings: -DUseSunHttpHandler=true.

This setting ensures that the WebLogic Server makes outbound SSL requests by using the HTTP handler that is preconfigured by IBM Content Navigator instead of using the default WebLogic Server HTTP handler. If you do not set this parameter, you cannot connect to the Box repository.

For more information about the errors that can occur if WebLogic Server with SSL is not configured correctly, see Cannot connect to a Box repository on a WebLogic Server.
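
The two JVM settings in this topic (-Dhttps.protocols on WebSphere and -DUseSunHttpHandler=true on WebLogic Server) are easy to get wrong when pasted from a document. The following check is an added example, not IBM code: it lints a JVM arguments string for SSLv3 left in https.protocols, for a missing property, and for a dash look-alike pasted in place of the hyphen. The function name, finding codes, and sample strings are assumptions made for illustration.

```python
import re

# Characters that editors and web pages substitute for "-" (en dash, em dash, minus sign).
LOOKALIKE_DASHES = "\u2013\u2014\u2212"


def check_jvm_args(args, expect_protocols=False, expect_sun_handler=False):
    """Lint a JVM arguments string; return a list of (code, detail) findings.

    Splits on whitespace only, so quoted values that contain spaces are not supported.
    """
    findings, props = [], {}
    for token in args.split():
        if token[0] in LOOKALIKE_DASHES:
            # Not an ASCII hyphen, so the JVM does not parse it as a -D property.
            findings.append(("lookalike-dash", token))
            continue
        match = re.fullmatch(r"-D([^=]+)(?:=(.*))?", token)
        if match:
            props[match.group(1)] = match.group(2) or ""

    protocols = props.get("https.protocols")
    if protocols is None:
        if expect_protocols:
            findings.append(("protocols-unset", "https.protocols"))
    else:
        enabled = [p.strip() for p in protocols.split(",") if p.strip()]
        # SSLv3 is the protocol affected by POODLE (CVE-2014-3566).
        if any(p.lower() == "sslv3" for p in enabled):
            findings.append(("sslv3-enabled", protocols))

    if expect_sun_handler and props.get("UseSunHttpHandler") != "true":
        findings.append(("sun-handler-unset", "UseSunHttpHandler"))
    return findings


# Constructed sample argument strings (not taken from a real server).
WAS_GOOD = "-Xmx1024m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"
WAS_SSLV3 = "-Xmx1024m -Dhttps.protocols=SSLv3,TLSv1"
WLS_TYPO = "\u2013DUseSunHttpHandler=true"  # en dash pasted instead of "-"
WLS_GOOD = "-DUseSunHttpHandler=true"

if __name__ == "__main__":
    print("WAS_GOOD ", check_jvm_args(WAS_GOOD, expect_protocols=True))
    print("WAS_SSLV3", check_jvm_args(WAS_SSLV3, expect_protocols=True))
    print("WLS_TYPO ", check_jvm_args(WLS_TYPO, expect_sun_handler=True))
    print("WLS_GOOD ", check_jvm_args(WLS_GOOD, expect_sun_handler=True))
```

Set expect_protocols only for WebSphere servers that need the POODLE workaround, and expect_sun_handler only for WebLogic Server deployments.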