Enabling TLS server certificate validation between the Gateway Server and the Application Server
The Gateway Server communicates with the Application Server component of TrueSight Capacity Optimization.
Gateway Server supports only self-signed certificates, so it does not need a new certificate to communicate with the Application Server. Only the certificates of the Application Server and the ETL Engine need to be signed.
When you install the Gateway Server, a self-signed certificate is also installed. However, it is recommended to install a security certificate that is issued by a competent public certificate authority (CA).
Complete the following tasks to configure the Application Server to use TLS:
Before you begin
- Ensure that you use the operating systems that support TLS. For more information, see TLS considerations for TrueSight Capacity Optimization.
- Ensure that you configure the Application Server in HTTPS mode.
If the Application Server is configured in HTTP mode and you want to switch to HTTPS mode, you must reinstall the Application Server. For more information, see Installing Application Server.
Obtaining a signed security certificate for the Application Server
You must obtain a certificate that is signed by a CA. Usually, the security department of your organization can provide this certificate, or you can request it from the CA that your organization recommends. For information about requesting a signed certificate, see Creating a request for a CA-signed certificate.
Installing the signed certificates into the truststore of Application Server
If you are switching the Application Server to a new machine, you must reinstall the product to point the installation to the new Application Server. For more information, see Installing Application Server.
The Application Server uses the cotruststore.ts truststore to communicate with other components. This truststore is bundled along with the Server installation and is located in the <Server Installation Directory>/secure directory.
Configuring the Application Server to use TLS
Complete the following steps on all the computers where the Application Server components and ETL Engine Server are installed:
- Navigate to the <Server Installation Directory>/tools directory and run the switchTLSmode.pl script.
  # Example
  switchTLSmode.pl -on -tspwd -flow internal
- When you are prompted, enter the password to access the truststore.
The communication channels between the Application Server and the Gateway Server are now TLS 1.2 enabled with server certificate validation.
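To confirm that end state from a client's point of view, the following added example (not BMC's code and not part of the product) performs a handshake that refuses anything older than TLS 1.2 and requires the server certificate to validate, then reports what was negotiated. The host, port and PEM CA bundle path passed on the command line are assumptions to replace with your Application Server's HTTPS endpoint and your signing CA.

```python
import socket
import ssl
import sys


def build_validating_context(ca_file=None):
    """Client context matching the page's end state: TLS 1.2+ with server certificate validation."""
    # ca_file: PEM bundle of the signing CA (assumption); None uses the OS trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.1 and older
    ctx.check_hostname = True                     # name in the certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # chain must validate against the trust anchors
    return ctx


def is_self_signed(cert):
    """cert is the dict returned by SSLSocket.getpeercert(); subject == issuer means self-signed."""
    return bool(cert) and cert.get("subject") == cert.get("issuer")


def check_endpoint(host, port, ca_file=None, timeout=5.0):
    """Handshake with host:port and report protocol, cipher and certificate facts, or the failure."""
    result = {"host": host, "port": port, "ok": False}
    try:
        ctx = build_validating_context(ca_file)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(ok=True, protocol=tls.version(), cipher=tls.cipher()[0],
                              issuer=cert.get("issuer"), not_after=cert.get("notAfter"),
                              self_signed=is_self_signed(cert))
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or host name mismatch.
        result["error"] = "certificate validation failed: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Protocol too old, no shared cipher, connection refused, timeout, unreadable ca_file.
        result["error"] = type(exc).__name__ + ": " + str(exc)
    return result


if __name__ == "__main__":
    # Usage: python check_tls.py <host> <port> [ca_bundle.pem]
    if len(sys.argv) < 3:
        sys.exit("usage: check_tls.py <host> <port> [ca_bundle.pem]")
    report = check_endpoint(sys.argv[1], int(sys.argv[2]), *sys.argv[3:4])
    for key, value in report.items():
        print(f"{key}: {value}")
    sys.exit(0 if report["ok"] and not report["self_signed"] else 1)
```

A result of "certificate validation failed" against the Application Server means the client does not trust the issuer or the host name does not match the certificate. It does not mean TLS is disabled.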
Comments
1. It’s not specified how to put the new certificate on the GW server apache
2. It’s not specified how to import the GW server certificate into TSCO AS truststore
The documentation is missing instructions on how to replace the self-signed SSL certificate the installer creates with a site-signed version.
Only self signed certificates are supported for the GWS.
Thanks for the feedback, Dima.
As per our email discussion, I have updated the topic.