Enabling TLS

TLS can now be enabled, as a valid certificate pair is present on all servers.

About this task

On all Windows servers in the Discover environment, enable TLS using the DCSTool.exe utility. TLS cannot be selectively enabled: if enabled at all, it must be enabled on all Windows servers.

Procedure

  1. Open a command prompt (cmd).
  2. Change directory (cd) to <Discover Installation Directory>\Tools\.
  3. Run the command DCSTool.exe enable.
    Note: When restarting services, do not rely on the "Stop All Discover Services" Start menu shortcut, which does not in fact stop all services. Ensure all services whose name begins with "Discover" are restarted using the Windows Services snap-in. Also restart IIS, which you can do using the iisreset command from the command prompt. Alternatively, just reboot.

Results

After TLS is enabled, the following registry entry is set to 1:
HKLM:\SOFTWARE\Wow6432Node\HCL Discover\EnableTLS = 1

What to do next

Make the following configurations based on your Discover setup.

DISTRIBUTED SETUP

Make the following configurations in Replay Server:
<Discover Root install folder>\ApacheTomcat\conf\server.xml
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38004' maxThreads='150' SSLEnabled='true'>
  <SSLHostConfig>
    <Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
  </SSLHostConfig>
</Connector>
where:
  • <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
  • <password> is the password to access the keystore certificate file. Example: My725Password284.

Make the following configuration in Session Archiving Server:

<Discover Root install folder>\ApacheTomcat\conf\server.xml
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38006' maxThreads='150' SSLEnabled='true'>
  <SSLHostConfig>
    <Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
  </SSLHostConfig>
</Connector>
where:
  • <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
  • <password> is the password to access the keystore certificate file. Example: My725Password284.

ALL-IN-ONE SETUP

<Discover Root install folder>\ApacheTomcat\conf\server.xml

Add both connectors to the same file.

<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38004' maxThreads='150' SSLEnabled='true'>
  <SSLHostConfig>
    <Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
  </SSLHostConfig>
</Connector>

<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38006' maxThreads='150' SSLEnabled='true'>
  <SSLHostConfig>
    <Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
  </SSLHostConfig>
</Connector>
where:
  • <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
  • <password> is the password to access the keystore certificate file. Example: My725Password284.
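
Verification example (added here; not part of the HCL documentation or tooling): a read-only PowerShell check of the registry entry, the "Discover" services, the connector entries above, and an actual TLS handshake on each port. The $DiscoverRoot path is a placeholder and $TargetHost is assumed to be the name the certificate was issued for; adjust both, and keep only the ports configured on the server being checked.

```powershell
# Added example: read-only checks to run after "DCSTool.exe enable" and the server.xml edits.
$DiscoverRoot = 'C:\Path\To\Discover'   # placeholder: Discover root install folder
$TargetHost   = $env:COMPUTERNAME       # assumption: name the certificate was issued for
$Ports        = 38004, 38006            # keep only the port(s) configured on this server
$ServerXml    = Join-Path $DiscoverRoot 'ApacheTomcat\conf\server.xml'

# 1. Registry entry from the Results section
$reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\HCL Discover' -Name EnableTLS -ErrorAction SilentlyContinue
if ($reg -and $reg.EnableTLS -eq 1) { 'EnableTLS = 1' } else { Write-Warning 'EnableTLS is not set to 1' }

# 2. Services whose name begins with "Discover" should be running again after the restart
Get-Service | Where-Object { ($_.Name -like 'Discover*' -or $_.DisplayName -like 'Discover*') -and $_.Status -ne 'Running' } |
    ForEach-Object { Write-Warning "Service not running: $($_.DisplayName)" }

# 3. Connector entries in server.xml, then a real handshake against each port
[xml]$conf = Get-Content -LiteralPath $ServerXml -Raw
foreach ($port in $Ports) {
    $conn = $conf.SelectSingleNode("//Connector[@port='$port']")
    $cert = if ($conn) { $conn.SelectSingleNode('SSLHostConfig/Certificate') }
    if (-not $cert) { Write-Warning "Port ${port}: no Connector/Certificate entry in server.xml"; continue }
    if ($conn.GetAttribute('SSLEnabled') -ne 'true') { Write-Warning "Port ${port}: SSLEnabled is not 'true'" }
    $keystore = $cert.GetAttribute('certificateKeystoreFile')
    if (-not $keystore -or -not (Test-Path -LiteralPath $keystore)) {
        Write-Warning "Port ${port}: keystore file not found"
    }
    # The sample password printed in the documentation must not protect a real keystore
    if ($cert.GetAttribute('certificateKeystorePassword') -eq 'My725Password284') {
        Write-Warning "Port ${port}: keystore uses the documentation's example password"
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($TargetHost, $port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($TargetHost)   # default validation: trust chain and host name
        $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        "Port ${port}: $($ssl.SslProtocol), subject '$($x509.Subject)', expires $($x509.NotAfter)"
    } catch {
        Write-Warning "Port ${port}: TLS handshake failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}
```

Because the keystore password sits in server.xml in clear text, also confirm that only administrators and the Tomcat service account can read that file.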