To use external key management for your FileNetĀ®
P8
system, you configure the SSL connection in the WebSphere Application
Server
administration console.
Before you begin
This process assumes that you have already configured WebSphere Application
Server to use with your Content Platform Engine
environment. Review the requirements in Configuring WebSphere for Content Platform Engine to
ensure that your application server is set up properly before you continue with these
steps.
Procedure
To configure the SSL connection in WebSphere Application
Server for
external key management:
-
In the WebSphere Application
Server administration console, expand the
Security node in the navigation pane, and click SSL certificate
and key management.
-
From the Related items list, click SSL
configurations.
-
In the SSL configurations page, click New to
create the SSL configuration.
Provide the following details:
- Name: kmipSSLSettings
- Trust store name: Add the name of the trust store that you just
configured, kmipTrustStore.
- Keystore name: Add the name of the keystore that you just configured,
kmipKeyStore.
- Click Get certificate aliases to fill in the Default client certificate
alias, cpeclient.
- Management scope: Set to the location where the Content Platform Engine server will be deployed.
Note: For WebSphere Application
Server V8.5.5. only, if you plan to upgrade from
SKLM 3.0.0 to 3.0.1, you must also upgrade the JDK that is used by WebSphere Application
Server. Go to , and update
the SSL protocol for the KMIP server to TLSv1.2 or TLSv2.
-
Apply your changes and save the configuration.