Enabling HTTPS support for internode communication
Starting from Service Pack 6 of version 5.0, BRPM supports HTTPS for internode communication, which provides secure communication between nodes in your cluster environment.
Prerequisites
- Make sure that the certificates of all the nodes in your cluster environment are the same.
- This feature is not supported if self-signed certificates are configured for the nodes in your cluster.
To enable HTTPS for socket binding ports
When you upgrade to Service Pack 6 of BRPM 5.0 from an earlier version, internode communication uses HTTP by default. To enable HTTPS, perform the following steps:
- Stop the BRPM service on all the nodes in the cluster.
- Do the following steps on each node in your cluster:
  - Go to RLMhome/bin.
  - Open the start.sh file in a text editor.
  - Locate the parameter HTTPS_INTERNODE_COMMUNICATION. By default, this parameter is set to false.
  - Set the parameter to true to enable HTTPS.
  - When HTTPS is enabled, BRPM uses the configuration in the XML file that corresponds to your deployment:
    - For high-availability deployment, the standalone-full-ha-https.xml file is used.
    - For non-high-availability (stand-alone) deployment, the standalone-full-https.xml file is used.
  - Copy any custom changes (for example, changed port numbers and performance tuning parameters) from the standalone-full-ha.xml file to the standalone-full-ha-https.xml file.
    <socket-binding-group default-interface="public" name="standard-sockets" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="https" port="8443"/>
    </socket-binding-group>
- Restart the BRPM service on all the nodes in the cluster. The following message is displayed at the prompt when you start a service in the cluster:
Starting as cluster's node with HTTPS internode communication.
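
A pre-restart check for the steps above, as an added example that is not part of the BRPM documentation: it confirms the flag in start.sh and reports socket-binding ports that differ between the HTTP and HTTPS profile files. It assumes the flag is a plain shell assignment in start.sh and that each socket-binding element sits on one line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not BRPM code. Assumption: start.sh sets the flag as a plain
# shell assignment (optionally with "export" or quotes). Names are hypothetical.

# Print the value of the last HTTPS_INTERNODE_COMMUNICATION assignment.
internode_flag() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?HTTPS_INTERNODE_COMMUNICATION=' "$1" \
        | tail -n 1 | sed 's/#.*//' | cut -d= -f2 | tr -d "\"' \t\r"
}

# Print "name port" for each single-line <socket-binding .../> element.
socket_ports() {
    grep -o '<socket-binding [^>]*>' "$1" \
        | sed -n 's/.* name="\([^"]*\)".* port="\([^"]*\)".*/\1 \2/p'
}

# Report bindings from the HTTP profile ($1) that are missing from, or have a
# different port in, the HTTPS profile ($2). No output means nothing to copy.
port_drift() {
    { socket_ports "$1" | sed 's/^/base /'; socket_ports "$2" | sed 's/^/tls /'; } \
        | awk '$1 == "base" { b[$2] = $3 }
               $1 == "tls"  { h[$2] = $3 }
               END { for (n in b) {
                   if (!(n in h)) print n ": not in HTTPS profile (base port " b[n] ")"
                   else if (b[n] != h[n]) print n ": base=" b[n] " https=" h[n]
               } }' | sort
}

# check_node START_SH HTTP_PROFILE_XML HTTPS_PROFILE_XML
# Returns 0 when ready to restart, 1 if the flag is not true, 2 on port drift.
check_node() {
    flag=$(internode_flag "$1")
    if [ "$flag" != "true" ]; then
        echo "FAIL: HTTPS_INTERNODE_COMMUNICATION is '${flag:-unset}' in $1"
        return 1
    fi
    drift=$(port_drift "$2" "$3")
    if [ -n "$drift" ]; then
        echo "REVIEW: socket bindings in $3 differ from $2:"
        echo "$drift"
        return 2
    fi
    echo "OK: flag is true and socket-binding ports match"
}

# Example: check_node RLMhome/bin/start.sh standalone-full-ha.xml standalone-full-ha-https.xml
if [ "$#" -eq 3 ]; then check_node "$@"; fi
```

Run it on every node before the restart; a difference it reports may be intentional, so treat return code 2 as a prompt to review rather than an error.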