Configuring SSL connection between remote command-line client and master domain manager
Before you begin
Before starting with the procedure to configure the SSL connection between the remote command-line client and the master domain manager, ensure that you set the CLISSLSERVERAUTH property to true in the localopts file of the fault-tolerant agent instance.
About this task
To configure a remote command-line client to connect to a master domain manager in SSL mode, perform the following steps:
- Extract the certificate on the master domain manager instance by running the following procedure:
- Log on as Administrator on Windows operating systems, or as root on UNIX and Linux operating systems, on the machine where the master domain manager is installed.
- Extract the server.crt base 64 certificate by running:
keytool -export -alias server -rfc -file server.crt -keystore <path>/TWSServerKeyFile.jks -storepass default
where <path> is one of the following:
- On Windows systems
- <TWA_home>\usr\servers\engineServer\resources\security\TWSServerKeyFile.jks
- On UNIX systems
- <TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerKeyFile.jks
- Log on as Administrator on Windows operating systems, or as root on UNIX and Linux operating systems, on the machine where the remote command-line client is installed with a fault-tolerant agent.
- Perform a binary FTP of the server.crt certificate from the machine where you installed the master domain manager instance to the machine where you installed the remote command-line client in the directory <FTA_INST_DIR>\ssl.
- Rename the <FTA_INST_DIR>\ssl\server.crt file to <FTA_INST_DIR>\ssl\server.arm.
- Open the localopts configuration file in the fault-tolerant agent instance.
- Complete one of the following attributes in the # Attributes for CLI connections configuration section and perform the actions:
- CLISSLSERVERCERTIFICATE
- Specify the absolute path of the server.arm file on the fault-tolerant agent machine. In this example, <FTA_INST_DIR>\ssl\server.arm.
- CLISSLTRUSTEDDIR
- Specify the path of the directory that contains all the .arm certificate files, including <FTA_INST_DIR>\ssl\server.arm, that the remote command-line client can trust.
Note: Do not set the CLISSLSERVERAUTH and CLISSLTRUSTEDDIR values simultaneously. For more information about the SSL configuration, see Connection security overview.
- Save the localopts file.
- Restart the fault-tolerant agent processes to accept the localopts changes.
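The following script is an added example, not part of the product documentation: it checks, on a UNIX fault-tolerant agent, that localopts and the transferred server.arm file agree with the steps above before the agent is restarted. The function names opt_value and check_cli_ssl are hypothetical, the localopts layout of NAME = value lines is an assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check the CLI SSL settings after the procedure above.
# Assumption: localopts holds "NAME = value" lines; "#" starts a comment line.

# Print the value of option $2 in localopts file $1 (empty when unset).
opt_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when the file matches the procedure, else a distinct code.
# Covers the CLISSLSERVERCERTIFICATE option used in the page's example.
check_cli_ssl() {
    auth=$(opt_value "$1" CLISSLSERVERAUTH)
    cert=$(opt_value "$1" CLISSLSERVERCERTIFICATE)

    # Prerequisite from "Before you begin".
    [ "$auth" = "true" ] || { echo "CLISSLSERVERAUTH is not true" >&2; return 2; }
    [ -n "$cert" ] || { echo "CLISSLSERVERCERTIFICATE is not set" >&2; return 3; }
    [ -f "$cert" ] || { echo "missing file: $cert" >&2; return 4; }

    # keytool -rfc writes base 64 text; a binary (DER) export has no header.
    head -n 1 "$cert" | tr -d '\r' | grep -qx -- '-----BEGIN CERTIFICATE-----' ||
        { echo "not a base 64 certificate: $cert" >&2; return 5; }
    # A transfer cut short loses the closing line.
    tr -d '\r' < "$cert" | grep -qx -- '-----END CERTIFICATE-----' ||
        { echo "truncated certificate: $cert" >&2; return 6; }

    # Added hardening check, not a step of the procedure: the file is the
    # trust anchor, so other users must not be able to replace its contents.
    [ -z "$(find "$cert" -prune -perm -002)" ] ||
        { echo "world-writable: $cert" >&2; return 7; }
    return 0
}

# Constructed sample files (placeholder body, not a real certificate).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/server.arm"
chmod 644 "$demo/server.arm"
printf '%s\n' '# Attributes for CLI connections' 'CLISSLSERVERAUTH = true' \
    "CLISSLSERVERCERTIFICATE = $demo/server.arm" > "$demo/localopts"
check_cli_ssl "$demo/localopts" && echo "CLI SSL settings are consistent"
```

On a real agent, call check_cli_ssl with the path of the instance's localopts file; a non-zero return code identifies which check failed.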