Configuring Liberty for TLS
To secure the connection between Open Liberty and other components in i2 Analyze, you must configure Liberty for TLS. Update the configuration with the location of a keystore and truststore to use, and the passwords that are used to access the certificates that are contained within them.
Before you begin
Before you can configure Liberty, you must have a keystore and truststore for Liberty that contain the required certificates. For more information about the required certificates, see Keystores, truststores, and certificates for i2 Analyze.
About this task
Modify the i2 Analyze topology.xml file to specify that a secure connection must be used with the application server. Then, update the credentials.properties file to specify the password for the Liberty keystore and truststore files.
When the procedure is complete, you can connect to Liberty only over HTTPS, on the secure port that is defined in the port definition properties file. The non-secure port cannot be used.
Steps
In an XML editor, open the toolkit\configuration\environment\topology.xml file.
In the <application> element for the application server to secure, add the secure-connection attribute with the value of true. For example:
<application name="opal-server" host-name="hostname" secure-connection="true">
Note: The host-name attribute value must match the common name that is associated with the certificate for the application server.
Add the <key-stores> element as a child of the <application> element. Then, add child <key-store> elements. For your keystore, specify the type as key-store and file as the full path to your keystore. For your truststore, specify the type as trust-store and file as the full path to your truststore. For example:
<application name="opal-server" host-name="hostname" secure-connection="true">
    ...
    <key-stores>
        <key-store type="key-store" file="C:/i2/i2analyze/i2-liberty-keystore.p12"/>
        <key-store type="trust-store" file="C:/i2/i2analyze/i2-liberty-truststore.p12"/>
    </key-stores>
    ...
</application>
Specify the keystore passwords in the credentials file.
In a text editor, open the toolkit\configuration\environment\credentials.properties file.
Enter the password for the keystore and truststore that you specified in the topology.xml file.
ssl.keystore.password=password
ssl.truststore.password=password
Update the application with your configuration changes. For more information, see Redeploying Liberty.
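Before redeploying, the settings from the steps above can be checked together. The following is an added example, not part of the i2 Analyze toolkit: the function names, the wrapper elements around <application> in the sample, and the rule that flags the literal value "password" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs; the <topology>/<applications> wrapper is assumed.
SAMPLE_TOPOLOGY = """<topology><applications>
  <application name="opal-server" host-name="hostname" secure-connection="true">
    <key-stores>
      <key-store type="key-store" file="C:/i2/i2analyze/i2-liberty-keystore.p12"/>
    </key-stores>
  </application>
</applications></topology>"""
SAMPLE_CREDENTIALS = "ssl.keystore.password=password\nssl.truststore.password=\n"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_liberty_tls(topology_xml, credentials_text):
    """Return a list of findings; an empty list means the TLS settings are complete."""
    findings = []
    props = parse_properties(credentials_text)
    for app in ET.fromstring(topology_xml).iter("application"):
        name = app.get("name", "?")
        if app.get("secure-connection") != "true":
            findings.append(f"{name}: secure-connection is not 'true'")
            continue
        # Map each <key-store> type to its file path for this application.
        stores = {ks.get("type"): ks.get("file") for ks in app.iter("key-store")}
        for store_type, prop in (("key-store", "ssl.keystore.password"),
                                 ("trust-store", "ssl.truststore.password")):
            if not stores.get(store_type):
                findings.append(f"{name}: no <key-store type='{store_type}'> with a file path")
            if not props.get(prop):
                findings.append(f"{name}: {prop} is empty or missing")
            elif props[prop] == "password":
                # Assumed rule: the example value from the steps was left in place.
                findings.append(f"{name}: {prop} is still the example value")
    return findings

if __name__ == "__main__":
    for finding in check_liberty_tls(SAMPLE_TOPOLOGY, SAMPLE_CREDENTIALS):
        print(finding)
```

The check does not open the keystores, so it does not confirm that the host-name value matches the certificate common name.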