Communication protocols and network settings
The different Operational Decision Manager modules can exchange information through network connections using the HTTP or HTTPS communication protocols.
If you want communication to work for self-signed HTTPS certificates, or if you need to use an HTTP proxy server connection, you must configure the client module involved in the exchange.
The following table shows which Operational Decision Manager module is the client and which is the server in the different network exchanges.
Client | Server | Purpose |
---|---|---|
Rule Designer | Decision Center | Synchronizing rule projects |
Rule Designer | Rule Execution Server | Deploying decision services |
Decision Center | Rule Execution Server | Deploying decision services |
Ant tasks are available to automate the task being initiated by the client module. When using these tasks, you must also configure the communication protocol.
Self-signed SSL certificates for development
You can use self-signed SSL certificates when you are developing. In production, use only HTTPS connection with trusted server certificates. If you try to connect using a demo certificate that is not trusted by the default JVM, you will get an SSL handshake exception.
To enable communication to work with self-signed certificates, add the Java™™ system property:
-Dcom.ibm.rules.httpclient.allowSelfSignedCertificates=true
Client module | Where |
---|---|
Rule Designer | In the eclipse.ini file of your Rule Designer installation as a single line at the end of the file. |
Decision Center | In the configuration of the application server. For example, in the Liberty profile, in jvm.options. |
Ant tasks | Set the Java system property in ANT_OPTS: set ANT_OPTS=-Dcom.ibm.rules.httpclient.allowSelfSignedCertificates=true |
Hostname verification
For added security, hostname verification enforces the matching of the certificate common name with the hostname in the URL. In production, you should always enforce hostname verification. During development, when using trusted server certificates, you can set the verifyHostname flag to true to bypass hostname verification.
Proxy server configuration
If your enterprise requires you to use an HTTP proxy to connect to Rule Execution Server or Decision Center.
- If the client module is Decision
Center,
specify the proxy server in the internet options of your operating
system. For example, for Internet Explorer:
- Open Internet Explorer.
- Open
- Dial-up or private network: Select your configuration and click Settings.
- Local area network: Click LAN.
.
For your type of network, do the following: - Select Use a proxy server.
- Enter your proxy server address in Address, and your proxy port in Port.
- Save your changes.
- If the client module is Rule
Designer,
add the proxy server to your Eclipse preferences.
- Click .
- Set Active Provider to Manual.
- Edit the HTTP and HTTPS proxy entries so that they correspond to your proxy server.
- Save your changes.