Enabling server-to-server trust

Use this procedure to enable load-balanced nodes to connect to each other and send notifications.

About this task

These steps are required to enable load balancing between the participating nodes. Complete these steps on each node.

Procedure

  1. In a text editor, open the ssl.client.props file from the JazzSM_WAS_Profile/properties directory.
  2. Uncomment the section that starts with com.ibm.ssl.alias=AnotherSSLSettings so that it looks like this:
    com.ibm.ssl.alias=AnotherSSLSettings
    com.ibm.ssl.protocol=SSL_TLSv2
    com.ibm.ssl.securityLevel=HIGH
    com.ibm.ssl.trustManager=IbmX509
    com.ibm.ssl.keyManager=IbmX509
    com.ibm.ssl.contextProvider=IBMJSSE2
    com.ibm.ssl.enableSignerExchangePrompt=true
    #com.ibm.ssl.keyStoreClientAlias=default
    #com.ibm.ssl.customTrustManagers=
    #com.ibm.ssl.customKeyManager=
    #com.ibm.ssl.dynamicSelectionInfo=
    #com.ibm.ssl.enabledCipherSuites=
  3. Uncomment the section that starts with com.ibm.ssl.trustStoreName=AnotherTrustStore so that it looks like this:
    # TrustStore information
    com.ibm.ssl.trustStoreName=AnotherTrustStore
    com.ibm.ssl.trustStore=${user.root}/config/cells/JazzSMNode01Cell/nodes/JazzSMNode01/trust.p12
    com.ibm.ssl.trustStorePassword={xor}CDo9Hgw=
    com.ibm.ssl.trustStoreType=PKCS12
    com.ibm.ssl.trustStoreProvider=IBMJCE
    com.ibm.ssl.trustStoreFileBased=true
    com.ibm.ssl.trustStoreReadOnly=false
  4. Update the location of the trust store that the signer should be added to in the com.ibm.ssl.trustStore property of AnotherTrustStore by replacing the default value com.ibm.ssl.trustStore=${user.root}/etc/trust.p12 with the correct path for your trust store. Example:
    com.ibm.ssl.trustStore=${user.root}/config/cells/JazzSMNode01Cell/nodes/JazzSMNode01/trust.p12
    After the update, the section must look like this:
    com.ibm.ssl.trustStoreName=AnotherTrustStore
    com.ibm.ssl.trustStore=${user.root}/config/cells/JazzSMNode01Cell/nodes/JazzSMNode01/trust.p12
    com.ibm.ssl.trustStorePassword={xor}CDo9Hgw=
    com.ibm.ssl.trustStoreType=PKCS12
    com.ibm.ssl.trustStoreProvider=IBMJCE
    com.ibm.ssl.trustStoreFileBased=true
  5. Save your changes to ssl.client.props.
  6. Stop and restart the Jazz® for Service Management application server:
    1. In the JazzSM_WAS_Profile/bin directory, depending on your operating system, enter one of the following commands:
      • For Windows operating systems: stopServer.bat server1
      • For UNIX and Linux operating systems: stopServer.sh server1
        Note: On UNIX and Linux systems, you are prompted to provide an administrator username and password.
    2. In the JazzSM_WAS_Profile/bin directory, depending on your operating system, enter one of the following commands:
      • For Windows operating systems: startServer.bat server1
      • For UNIX and Linux operating systems: startServer.sh server1
  7. Stop and restart the server.
  8. Complete all of the steps so far on each node before you continue with the rest of the steps.
  9. Run the following command on each node for each myremotehost (that is, for every node that you want to enable trust with) in the cluster:
    • For Windows operating systems: JazzSM_WAS_Profile\bin\retrieveSigners.bat NodeDefaultTrustStore AnotherTrustStore -host myremotehost -port remote_SOAP_port
    • For UNIX and Linux operating systems: JazzSM_WAS_Profile/bin/retrieveSigners.sh NodeDefaultTrustStore AnotherTrustStore -host myremotehost -port remote_SOAP_port
    where myremotehost is the name of the computer to enable trust with; remote_SOAP_port is the SOAP connector port number (16313 is the default). If you have installed with non-default ports, check JazzSM_WAS_Profile/properties/portdef.props for the value of SOAP_CONNECTOR_ADDRESS and use that.
  10. Stop and restart the Jazz for Service Management application server:
    1. In the JazzSM_WAS_Profile/bin directory, depending on your operating system, enter one of the following commands:
      • For Windows operating systems: stopServer.bat server1
      • For UNIX and Linux operating systems: stopServer.sh server1
        Note: On UNIX and Linux systems, you are prompted to provide an administrator username and password.
    2. In the JazzSM_WAS_Profile/bin directory, depending on your operating system, enter one of the following commands:
      • For Windows operating systems: startServer.bat server1
      • For UNIX and Linux operating systems: startServer.sh server1
  11. Stop and restart the server.
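
The following check is an added example, not part of the IBM procedure or product: it parses the text of ssl.client.props and reports which of steps 2 to 4 are still incomplete on a node. The function names and the sample file content are constructed for illustration, and it assumes that a block in the file begins at an alias, keyStoreName or trustStoreName property.

```python
# Added example (not IBM code): verify steps 2-4 of the procedure on one node.
# The same property names repeat in every block of ssl.client.props, so values
# are grouped by the block they sit in (assumed to start at one of these keys).
BLOCK_KEYS = ("com.ibm.ssl.alias", "com.ibm.ssl.keyStoreName",
              "com.ibm.ssl.trustStoreName")
DEFAULT_TRUST_STORE = "${user.root}/etc/trust.p12"  # default named in step 4


def parse_blocks(text):
    """Return {block name: {key: value}} built from active (uncommented) lines."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in BLOCK_KEYS:
            current = blocks.setdefault(value, {})
        if current is not None:
            current[key] = value
    return blocks


def check_trust_config(text):
    """Return a list of problems; an empty list means steps 2-4 look complete."""
    blocks, problems = parse_blocks(text), []
    if "AnotherSSLSettings" not in blocks:
        problems.append("step 2: AnotherSSLSettings block is still commented out")
    store = blocks.get("AnotherTrustStore")
    if store is None:
        problems.append("step 3: AnotherTrustStore block is still commented out")
        return problems
    if store.get("com.ibm.ssl.trustStore", "") in ("", DEFAULT_TRUST_STORE):
        problems.append("step 4: trust store path is unset or still the default")
    return problems


# Constructed sample: steps 2 and 3 done, step 4 forgotten.
SAMPLE = """\
com.ibm.ssl.alias=AnotherSSLSettings
com.ibm.ssl.protocol=SSL_TLSv2
#com.ibm.ssl.enabledCipherSuites=
com.ibm.ssl.trustStoreName=AnotherTrustStore
com.ibm.ssl.trustStore=${user.root}/etc/trust.p12
"""

if __name__ == "__main__":
    print("\n".join(check_trust_config(SAMPLE)) or "OK")
```

To check a real node, pass the contents of JazzSM_WAS_Profile/properties/ssl.client.props to check_trust_config before running retrieveSigners in step 9.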

Example

In this example, the load balancing cluster consists of two Microsoft Windows nodes named myserver1 and myserver2. The command entered on myserver1:
retrieveSigners.bat NodeDefaultTrustStore AnotherTrustStore -host myserver2 -port 16313
The command entered on myserver2:
retrieveSigners.bat NodeDefaultTrustStore AnotherTrustStore -host myserver1 -port 16313