Jump to: navigation, search

Configuring GRS for Secure Sockets Layer (SSL)

Introduction

Purpose

This topic describes how set to up GRAT and/or GRE in SSL (Secure Sockets Layer) mode using the Java Keytool utility which should be available if Java is installed. In these steps, Keytool is used to generate the self-signed certificate and update Java's keystore to add the certificate. The browser is used to download the public certificate.

Supported Configurations

Supported configurations are:

  • GRAT in SSL mode and GRE in non-SSL mode
  • GRAT in non-SSL mode and GRE in SSL mode
  • Both GRAT and GRE in SSL mode

Changes in GRE's Communication Port in Configuration

  • Make sure the correct SSL communication port is provided. In Tomcat, by default, 8080 is a non-SSL port and 8443 is for SSL.
  • The value for the Connection Protocol in the GRE Port must remain as http (NOT to be changed to https).
  • The listening mode must be set to Secured.

Setting up GRAT in SSL Mode

Important
The steps here demonstrate how to create a self-signed certificate and use it for SSL. For security reasons, it is very important that you consult your organization’s IT Security Administrator to check whether you must use a certificate signed by an external CA (Certificate Authority) like VeriSign or Thawte.
  1. [+] Create the Certificate if it is not already available.
  2. [+] Enable SSL in the server configuration by using the Certificate and disable non-SSL mode.
  3. [+] On the GRE machine, get the public certificate of GRAT.
  4. [+] On the GRE machine, add the public certificate to Java Keystore using the Java Keytool.
  5. If you are using GRDT, repeat steps 3 and 4 on the GRDT machine. Make sure to update the Host Configuration under Preferences > Genesys Rules System > Repository Server to use the https port and ensure that the HTTPS checkbox is selected.
  6. As for GRE and GRDT, repeat step 3 and 4 for any other Java clients of GRAT which would need to use HTTPS to send requests to GRAT.

Setting up GRE in SSL mode

The procedure to set up GRE in SSL mode is similar to the procedure for GRAT. In step 3, use:

 https://[ GRE IP address]:[SSL port number]/genesys-rules-engine/status.jsp

to get GRE's public certificate on the GRAT machine.

Similar to the steps above, where you added GRAT's public certificate to GRE's Java keystore, for GRE you need to add GRE's public certificate (exported from the browser) to GRAT's Java Keystore.

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on April 28, 2017, at 03:03.