Configuring GRS for Secure Sockets Layer (SSL)
This topic describes how set to up GRAT and/or GRE in SSL (Secure Sockets Layer) mode using the Java Keytool utility which should be available if Java is installed. In these steps, Keytool is used to generate the self-signed certificate and update Java's keystore to add the certificate. The browser is used to download the public certificate.
Supported configurations are:
- GRAT in SSL mode and GRE in non-SSL mode
- GRAT in non-SSL mode and GRE in SSL mode
- Both GRAT and GRE in SSL mode
Changes in GRE's Communication Port in Configuration
- Make sure the correct SSL communication port is provided. In Tomcat, by default, 8080 is a non-SSL port and 8443 is for SSL.
- The value for the Connection Protocol in the GRE Port must remain as http (NOT to be changed to https).
- The listening mode must be set to Secured.
Setting up GRAT in SSL Mode
- [+] Create the Certificate if it is not already available.
- [+] Enable SSL in the server configuration by using the Certificate and disable non-SSL mode.
- [+] On the GRE machine, get the public certificate of GRAT.
- [+] On the GRE machine, add the public certificate to Java Keystore using the Java Keytool.
- As for GRE, repeat step 3 and 4 for any other Java clients of GRAT which would need to use HTTPS to send requests to GRAT.
Setting up GRE in SSL mode
The procedure to set up GRE in SSL mode is similar to the procedure for GRAT. In step 3, use:
https://[ GRE IP address]:[SSL port number]/genesys-rules-engine/status.jsp
to get GRE's public certificate on the GRAT machine.
Similar to the steps above, where you added GRAT's public certificate to GRE's Java keystore, for GRE you need to add GRE's public certificate (exported from the browser) to GRAT's Java Keystore.