Jump to: navigation, search

Secure Connections to URS or ORS

Introduced in 8.5.211

By default, GMS connects to ORS and URS using HTTP. You can use HTTPS for these connections by following the steps below.

HTTPS Connection to URS

  1. Retrieve the URS certificate.
  2. Import this certificate in the Java keystore.
    The following command line imports the certificate in the default JDK keystore from JDK, that is, using the default java keystore password 'changeit'.
    $ keytool -import -alias urscertificate -keystore /etc/pki/java/cacerts -file /security/urscertificate.crt -noprompt -storepass changeit
    Note that changeit is the default password provided during at Java installation.
  3. Configure the URS URL in GMS to point to the secured endpoint.
    The example below shows how to provision a GMS service for a given URS Agent statistic.
[service.agent-stat-proxy-https]
_caching_policy=5
_service=urs-stat
_type=builtin
_urs_stat_url_parameters=tenant=Environment&target=KSippola.A&json&ext
_urs_url=https://hosturs:443/urs/stat/targetstate

Testing the URS Connection

To test the URS connection, enter the following commands:

$ curl -k https://hosturs:443/urs/version
8.1.400.41
$ curl -k "https://hosturs:443/urs/stat/targetstate?tenant=Environment&target=KSippola.A&json&ext"
{
"status":0,"agent":"KSippola"
}

Testing your GMS connection to URS

To test the GMS connection to URS, enter the following commands:

$ curl "http://hostgms:8080/genesys/1/service/agent-stat-proxy-https"
{"agent":"KSippola","status":0}

In case of any issue while connecting to URS, the response would look like below:

$ curl "http://hostgms:8080/genesys/1/service/agent-stat-proxy-https"
{"exception":"java.io.IOException","message":"URSStatisticService: cannot submit to URS for any URL in 'service.agent-stat-proxy-https' section"}

HTTPS Connection to ORS

  1. Retrieve the ORS certificate.
  2. Import this certificate in the Java keystore.
    The following command line imports the certificate in the default JDK keystore from JDK, that is, using the default java keystore password 'changeit'.
    $ keytool -import -alias orscertificate -keystore /etc/pki/java/cacerts -file /security/orscertificate.crt -noprompt -storepass changeit
  3. Configure the ORS URL in GMS to point to the secured endpoint.
[server]
_ors=https://<hostors>:8443

Testing your ORS connection

To test the ORS connection, enter the following commands:

$ curl -k https://hostors:8443/heartbeat
...
< HTTP/1.1 200 OK
< Server: GTS_CORE 2.0
< Content-Type: text/html;
< Cache-control: private
< Etag: 1560434146
< Content-length: 33
<
Node is operating in primary mode

Testing your GMS connection to ORS

To do so, create a callback through the Callback Service API or using the Callback UI.

This page was last modified on July 5, 2019, at 02:49.

Feedback

Comment on this article:

blog comments powered by Disqus