Communication protocols and network settings

The different Operational Decision Manager modules can exchange information through network connections using the HTTP or HTTPS communication protocols.

If you want communication to work for self-signed HTTPS certificates, or if you need to use an HTTP proxy server connection, you must configure the client module involved in the exchange.

The following table shows which Operational Decision Manager module is the client and which is the server in the different network exchanges.

Table 1. Client/server exchanges
Client	Server	Purpose
Rule Designer	Decision Center	Synchronizing rule projects
Rule Designer	Rule Execution Server	Deploying decision services
Decision Center	Rule Execution Server	Deploying decision services

Ant tasks are available to automate the task being initiated by the client module. When using these tasks, you must also configure the communication protocol.

Self-signed SSL certificates for development

You can use self-signed SSL certificates when you are developing. In production, use only HTTPS connection with trusted server certificates. If you try to connect using a demo certificate that is not trusted by the default JVM, you will get an SSL handshake exception.

To enable communication to work with self-signed certificates, add the Java™™ system property:

-Dcom.ibm.rules.httpclient.allowSelfSignedCertificates=true

The following table shows where to add the property depending on the client module:

Client module	Where
Rule Designer	In the eclipse.ini file of your Rule Designer installation as a single line at the end of the file.
Decision Center	In the configuration of the application server. For example, in the Liberty profile, in jvm.options.
Ant tasks	Set the Java system property in `ANT_OPTS`: `set ANT_OPTS=-Dcom.ibm.rules.httpclient.allowSelfSignedCertificates=true`

Client module

Where

Rule Designer

In the eclipse.ini file of your Rule Designer installation as a single line at the end of the file.

Decision Center

In the configuration of the application server. For example, in the Liberty profile, in jvm.options.

Ant tasks

Set the Java system property in ANT_OPTS:

set ANT_OPTS=-Dcom.ibm.rules.httpclient.allowSelfSignedCertificates=true

Note: The properties -Dilog.rules.res.allowSelfSignedCertificate and -Dilog.rules.teamserver.allowSelfSignedCertificate can still be used, but are being deprecated.

Hostname verification

For added security, hostname verification enforces the matching of the certificate common name with the hostname in the URL. In production, you should always enforce hostname verification. During development, when using trusted server certificates, you can set the verifyHostname flag to true to bypass hostname verification.

Proxy server configuration

If your enterprise requires you to use an HTTP proxy to connect to Rule Execution Server or Decision Center.

If the client module is Decision Center, specify the proxy server in the internet options of your operating system. For example, for Internet Explorer:
1. Open Internet Explorer.
2. Open Tools > Internet options > Connections. For your type of network, do the following:
  - Dial-up or private network: Select your configuration and click Settings.
  - Local area network: Click LAN.
3. Select Use a proxy server.
4. Enter your proxy server address in Address, and your proxy port in Port.
5. Save your changes.
If the client module is Rule Designer, add the proxy server to your Eclipse preferences.
1. Click Preferences > General > Network Connection.
2. Set Active Provider to Manual.
3. Edit the HTTP and HTTPS proxy entries so that they correspond to your proxy server.
4. Save your changes.

Note: See Java Networking and Proxies for a description of the different properties, which remain valid.