CAA-WS, https to and from a Cloverleaf

[TorfinnK]

Hello Clovertechers

Running Cloverleaf 6.1.2 on Windows 2012 R2 and CAA-WS 2.0.

We already has two interfaces, one client (sending to a ws) and one server (receiving), both using http and they Works fine.

Now the customer wants to switch to https, and I

Topic

[Russ Ross]

I collect past clovertech URLs in case I need to leverage something from the past myself.

Here are a couple of HTTP related URLs that talk a little about certificates even thought it is something I haven’t done myself.

<a href="https://usspvlclovertch2.infor.com/viewtopic.php?t=5539&#8243; class=”bbcode_url”>https://usspvlclovertch2.infor.com/viewtopic.php?t=5539

<a href="https://usspvlclovertch2.infor.com/viewtopic.php?t=7074&#8243; class=”bbcode_url”>https://usspvlclovertch2.infor.com/viewtopic.php?t=7074

Russ Ross
RussRoss318@gmail.com

[Elisha Gould]

You’ll need to set up a keystore if one hasn’t been provided already.

If you have a Root CA that you use within your organisation, then you may need to get a keystore set up for yourself, and your vendor (one for your server, one for the vendor).

If the vendor is providing the certificates, then request that they provide you with a keystore or sign a Certificate Signing Request.

The keystore will need at minimum:

A signed private key alias

A root ca certificate alias

To set up in CAA-WS:

For the server add a new engine that is TLS secured and fill in the Keystore information.

For the client add a new http conduit that is TLS secured and fill in the Truststore information.

If you have the keystore file with both the private and ca alias, the same keystore can be used for both.

Set the permissions of the keystore so that only the hci user can access the file (or whichever user you use for your sites).

[Corrie Henry]

TorfinnK,

Did Elisha’s keystore recommendation work.  I also have a vendor who would like to send data to me via HTTPS.

[Author]

Replies