Jump to: navigation, search

Specific connection configuration details

iWD follows the common Genesys approach and recommends using Host-level configuration with PEM-files on Linux and Windows certificates on Windows for all PSDK connections, REST clients and JMS client. For REST servers, Connection-level configuration with JKS-files is recommended. For JDBC clients the recommended way is to use JKS files and configure connection via JVM options.

Assumptions/Prerequisites

  • You have generated certificates with associated private and public keys.
  • You have Java keystore and truststore files with the same keys.

Please find more information about certificates here.

ActiveMQ

To configure SSL in ActiveMQ, please refer to the vendor's ActiveMQ documentation.

Sample ActiveMQ SSL configuration

The following is an example of how you might configure SSL for ActiveMQ.

  1. Copy keystore.jks and truststore.jks into the <Apache ActiveMQ installation directory>/conf folder.
  2. Open the <Apache ActiveMQ installation directory>/conf/activemq.xml file and add the following lines:
     <transportConnectors>
         ...
        <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&needClientAuth=true"/>
         ...
    </transportConnectors>
    <sslContext>
        <sslContext keyStore="file:${activemq.base}/conf/keystore.jks"
        keyStorePassword="YourKeyStorePassword"
        trustStore="file:${activemq.base}/conf/truststore.jks"
        trustStorePassword="YourTrustStorePassword" />
    </sslContext>
    
  3. Change keystore and truststore passwords accordingly.
  4. Restart ActiveMQ.

JDBC configuration

Please read the Configuring database connections topic.

Windows certificates import

For the Windows certificates installation procedure please see the Windows certificates topic.

Framework configuration

Configuration Server

Configure the auto-upgrade port as described in Securing core framework connections topic.

Interaction Server, UCS, Message Server

Configure secured ports as described here.

Host configuration

  1. Open GAX -> Hosts -> <your_host> -> and fill the certificate fields with your PEM certificate files.

  2. TLS1.png

  3. Open the Options tab and add the following options:
    • [security]/tls = true
    • [security]/mutual-tls = true
  4. TLS2.png

Troubleshooting

If you start receiving ESP Server is not connected interaction errors and tasks, do the following:

  1. Go to the ErrorHeld queue, add the tls=1 transport parameter to the connection between Interaction Server and GRE or the GRE cluster application and GRE nodes.
  2. Add the tls=1 transport parameter to the connection between Interaction Server and Universal Contact Server.

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on June 22, 2018, at 02:37.