Configuring the SSL connection between the Dispatcher and the AWS IAM server

To enable communication between the adapter and the AWS IAM server, you must configure keystores for the Dispatcher.

About this task

For more information about SSL configuration, see the Dispatcher Installation and Configuration Guide.

Procedure

  1. Open a browser.
  2. Log in to https://console.aws.amazon.com/iam with a user that is created. See Creating a service user.
  3. View the certificate.
    • Click SSL lock.
    • If your browser reports that revocation information is not available, click View Certificate.
  4. Click Certification Path
  5. Select the CA Root certificate.
  6. Export the certificate into a file that is encoded in the Base64 format.
  7. Complete one of the following actions.
    • If the Dispatcher already has a configured keystore, use the keytool.exe program to import the AWS IAM Server certificate. Type the command on a single line.
      keytool -import -alias awsiam -file c:\AWSIAMCertificate.crt 
-keystore c:\truststore.jks -storepass passw0rd
    • If the keystore is not configured, create it by running the following command from a command prompt. Type the command on a single line.
      keytool -import -alias awsiam -file c:\AWSIAMCertificate.crt 
-keystore c:\truststore.jks -storepass passw0rd
      1. Download the Base-64 encoded X.509 (.CER) format of the CA certificate Root 1 - Equifax Secure Certificate Authority. Go to the GeoTrust website and search for ca certificates.
      2. Import the certificate into the keystore.
        keytool -import -alias Equifax -file C:\Equifax_Secure_Certificate_Authority.cer
 -keystore C:\truststore.jks -storepass passw0rd
  8. Edit ITDI_HOME/timsol/solution.properties file to specify truststore and keystore information.
    In the current release, only jks-type is supported: 
    # Keystore file information for the server authentication. 
# It is used to verify the server's public key. 
# example 
javax.net.ssl.trustStore=truststore.jks 
javax.net.ssl.trustStorePassword=passw0rd 
javax.net.ssl.trustStoreclass=jks
  9. After you modify the solution.properties file, restart the Dispatcher.
    For more information about SSL configuration, see the Dispatcher Installation and Configuration Guide.