To secure the connection between WebSphere® Liberty and other components in i2 Analyze, you must configure Liberty for SSL. Update the configuration with the location of a keystore and truststore to use, and the passwords that are used to access the certificates that are contained within them.
Modify the i2 Analyze topology.xml file to specify that a secure connection must be used with the application server. Then, update the credentials.properties file to specify the password for the Liberty keystore and truststore files.When the procedure is complete, it is only possible to connect to Liberty by the HTTPS protocol that uses the secure port that is defined in the port definition properties file. The non-secure port cannot be used.
-
In an XML editor, open the toolkit\configuration\environment\topology.xml
file.
-
In the
<application>
element for the application server to secure, add the
secure-connection
attribute with the value of true.
For example, add the attribute as highlighted in the following
code:
<application http-server-host="true" name="opal-server"
host-name="hostname" secure-connection="true">
Note: The
host-name
attribute value must match the common name that is associated with the
certificate for the application server.
-
Add the
<key-stores>
element as a child of the
<application>
element. Then, add a child <key-store>
element.
For your keystore, specify the type as key-store and
file as the full path to your keystore.
For example, add the attribute as highlighted in the following
code:
<application http-server-host="true" name="opal-server"
host-name="hostname" secure-connection="true">
...
<key-stores>
<key-store type="key-store"
file="C:/IBM/i2analyze/i2-liberty-keystore.jks"/>
</key-stores>
...
</application>
-
Specify the keystore passwords in the credentials file.
-
In a text editor, open the
toolkit\configuration\environment\credentials.properties file.
-
Enter the password for the keystore that you specified in the topology.xml
file.
ssl.keystore.password=password
-
Update the application with your
configuration changes. For more information, see
Redeploying Liberty.
You must secure the connection between the HTTP Server and Liberty. For more information, see
Securing the connection between the HTTP server and Liberty.