About this task
Important: It
is a best practice to enable SSL for the Content Engine and Process Engine web services (CEWS and
PEWS). Authentication over these two web services is usually performed
by providing username and password credentials. If these web services
are not configured to run over an SSL connection, clear text passwords
will be sent across the network. (However, this is not true when Kerberos-based
authentication is used. Kerberos authentication is available only
for the Content Platform Engine web
service.) The option not to use SSL over these two web services is
provided primarily for development systems or other non-production
systems where the security provided by SSL might not be required.
It
is also a best practice to enable TLS/SSL for EJB transport because
unencrypted user passwords might be sent in default configurations.
Configuring EJB transport for the secure exchange of credentials and
payloads is application server-specific.
- The Content Platform Engine web
service is used:
- By all clients of the Content Platform Engine .NET
API
- By all clients of the Content Platform Engine COM
Compatibility API (CCL)
- By the FileNet® Deployment
Manager tool
- By Component Manager
- Certain Java™ applications
(written against the Content Platform Engine zJava API) might use the Content Platform Engine web service transport,
but typically they would use EJB transport (IIOP or T3 protocol).
- The Application Engine server
uses only the EJB transport to communicate with the Content Platform Engine.