Secure Sockets Layer (SSL) technology can be used to establish an encrypted connection
between a client and server. You can use SSL to ensure that communication between i2 Analyze
components is encrypted.
Depending on your topology and requirements,
you can configure SSL for the following connections:
- The client and the HTTP server
- The HTTP server and Liberty
- Liberty, ZooKeeper, and Solr
- Liberty and the database management
system
For information about securing the connection
between Liberty and any i2 Connectors, see client
authenticated Secure Sockets Layer with the i2
Connect gateway.
The version of the TLS protocol that is
supported by i2 Analyze is TLS V1.2.
The instructions are intended for readers who
are familiar with configuring i2® Analyze, securing network
connections, and managing SSL key authentication
certificates. Refer also to the documentation for the individual
components: IBM HTTP Server, Liberty, Solr,
ZooKeeper, Db2, or Microsoft SQL Server.
The instructions are based on a sample scenario
for a single-server deployment. The instructions
use self-signed certificates to demonstrate
working SSL configurations. During the process of
creating a production deployment, you can
configure SSL in the pre-production environment.
In a production deployment, you must use
certificates that are signed by a trusted
certificate authority. For more information about
implementing SSL in a deployment on multiple
servers, see
the distributed
deployment example on GitHub.
Important: At this release, if you configure Solr to use SSL after it is deployed without it, you must re-create your Solr collections. Aim to configure Solr to use SSL before you ingest a large amount of data into your system.
Attention: i2 takes reasonable steps to verify the suitability of i2 Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.