Securing Communication Between Command Central and Universal Messaging

Edit online

How does Command Central Connect to Universal Messaging?

Edit online

Command Central uses one of the Universal Messaging ports (interfaces) for configuration and administration. Command Central checks the interfaces of a Universal Messaging server instance in the following order and chooses the first available interface to connect to the server:

  1. Interfaces that use the HTTP protocol (nhp).
  2. Interfaces that use the socket protocol (nsp).
  3. Interfaces that use the HTTPS protocol (nhps).
  4. Interfaces that use the SSL protocol (nsps).
  5. Interfaces that use the shared memory protocol (shm).

If Command Central disconnects from the Universal Messaging server, Command Central uses the same order to connect to a new Universal Messaging port.

About Securing Communication Between Command Central and Universal Messaging

Edit online
Important: To guarantee secure communication between Command Central and Universal Messaging, you must have only an nhps or nsps port (interface) configured on the Universal Messaging server. For information about how to create a port and how to configure an nhps or nsps port specifically, see Working with Universal Messaging Configuration Types, NHPS Ports, and NSPS Ports, respectively.

When the Universal Messaging server instance is configured with a single nhps or nsps interface, Command Central uses this interface to connect automatically to the Universal Messaging server. By default, Command Central uses the same truststore file and, in case of client-side authentication, the same keystore file that are configured in the nhps or nsps interface.

If you want to specify truststore and keystore files that are different from the ones configured in the nhps or nsps interface, you can use either the standard Java Secure Socket Extension (JSSE) system properties or the Universal Messaging client system properties for secure communication. For information about how to configure the properties, see Configuring the JSSE System Properties and Configuring the Universal Messaging Client Properties.

Considerations When Using System Properties to Specify Truststore and Keystore Files

Edit online

Consider the following information before you use system properties to specify custom truststore and keystore files for secure communication between Command Central and a Universal Messaging server instance:

  • If you want to connect to a Universal Messaging server instance that is part of a cluster or a zone, or that you plan to add to a cluster or a zone, ensure that the custom truststore contains the certificates of all server instances that are part of the cluster or zone.
  • Configuring the standard JSSE system properties might impact all product instances that use secure sockets layer (SSL) in the same Platform Manager installation.