The steps for configuring secure HTTP connections with
the IBM® UrbanCode® Deploy server
are similar to the steps for any Java™ Platform,
Enterprise Edition server.
To set up SSL security, you must have a certificate for the server. If you use certificates
that are self-signed or certificates that are issued by a certificate authority that is not trusted,
you must import these certificates into the trust store. A trust store contains trusted certificates
from servers and certificate authorities. Import the self-signed certificates, certificate authority
certificates, and intermediate certificate authority certificates to the
JRE_install/jre/lib/security/cacerts file. For an example of
importing a certificate to a trust store, see the Importing the Certificate Reply from the CA topic in the IBM SDK, Java Technology Edition help.In the case of LDAP servers, SSL certificates must have valid
chains of authority. If you use your own certificate authority, add that certificate authority to
the local trust store.
Because the IBM UrbanCode Deploy server
runs on Apache Tomcat, you can refer to the instructions for configuring security on Tomcat on the Apache Tomcat website. You can enable SSL security for Apache Tomcat
when you install IBM UrbanCode Deploy. If you
enable SSL security during installation, a self-signed certificate is generated and added to the
tomcat.keystore file. The common name (CN) in the self-signed certificate is
set to 0.0.0.0.Note: The presence of a self-signed certificate is flagged as a warning by many web
browsers when you connect to an IBM UrbanCode Deploy server
that uses a self-signed certificate in the tomcat.keystore
file.
Setting up SSL security for the server involves these
general steps:
- Transfer the files for the certificate to the computer
that hosts the IBM UrbanCode Deploy server.
- Add the certificate to the server keystore.
The server has a default keystore in the
server_install/opt/tomcat/conf/tomcat.keystore
file. The default password for this keystore is changeit
.
-
Edit the
tomcat.key.alias
property in the
installed.properties file.
tomcat.key.alias=alias_of_your_certificate_in_tomcat_keystore
- Restart the server.
-
Similarly, add the same certificate to the keystore of each agent and agent relay.
For example, the default location of an agent keystore is
agent_install/conf/agent.keystore.
- Optional: To configure secure communication
between the IBM UrbanCode Deploy server
and an LDAP server, add the LDAP server certificate to the JRE_install/jre/lib/security/cacerts file.
This file is on the IBM UrbanCode Deploy server.
Use the installation folder of the JRE for JRE_install.