Secure Sockets Layer connections with i2 Analyze

Secure Sockets Layer (SSL) technology can be used to establish an encrypted connection between a client and server. You can use SSL to ensure that communication between i2 Analyze components is encrypted.

Depending on your topology and requirements, you can configure SSL for the following connections:
  • The client and the HTTP server
  • The HTTP server and Liberty
  • Liberty, ZooKeeper, and Solr
  • Liberty and the database management system

For information about securing the connection between Liberty and any i2 Connectors, see client authenticated Secure Sockets Layer with the i2 Connect gateway.

The version of the TLS protocol that is supported by i2 Analyze is TLS V1.2.

The instructions are intended for readers who are familiar with configuring i2® Analyze, securing network connections, and managing SSL key authentication certificates. Refer also to the documentation for the individual components: IBM® HTTP Server, Liberty, Solr, ZooKeeper, Db2, or Microsoft SQL Server.

The instructions are based on a sample scenario for a single-server deployment. The instructions use self-signed certificates to demonstrate working SSL configurations. During the process of creating a production deployment, you can configure SSL in the pre-production environment. In a production deployment, you must use certificates that are signed by a trusted certificate authority. For more information about implementing SSL in a deployment on multiple servers, see the distributed deployment example on GitHub.

Attention: IBM takes reasonable steps to verify the suitability of i2 Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. IBM accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.