Enabling TLS
TLS can now be enabled, as a valid certificate pair is present on all servers.
About this task
On all Windows servers in the Discover environment, enable TLS using the DCSTool.exe utility. TLS cannot be selectively enabled: if enabled at all, it must be enabled on all Windows servers.
Procedure
- Open a command prompt (cmd).
- Change directory (cd) to <Discover Installation Directory>\Tools\.
- Run the command DCSTool.exe enable.
Note: When restarting services, do not rely on the "Stop All Discover Services" Start menu shortcut, which does not in fact stop all services. Ensure all services whose name begins with "Discover" are restarted using the Windows Services snap-in. Also restart IIS, which you can do using the iisreset command from the command prompt. Alternatively, just reboot.
Results
HKLM:\SOFTWARE\Wow6432Node\HCL Discover\EnableTLS = 1
What to do next
DISTRIBUTED SETUP
Make the following configurations in Replay Server:
<Discover Root install folder>\ApacheTomcat\conf\server.xml
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38004' maxThreads='150' SSLEnabled='true'>
<SSLHostConfig>
<Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
</SSLHostConfig>
</Connector>
where:
- <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
- <password> is the password to access the keystore certificate file. Example: My725Password284.
Make the following configuration in Session Archiving Server:
<Discover Root install folder>\ApacheTomcat\conf\server.xml
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38006' maxThreads='150' SSLEnabled='true'>
<SSLHostConfig>
<Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
</SSLHostConfig>
</Connector>
where:
- <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
- <password> is the password to access the keystore certificate file. Example: My725Password284.
ALL-IN-ONE SETUP
<Discover Root install folder>\ApacheTomcat\conf\server.xml
Add both the connectors in the same file.
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38004' maxThreads='150' SSLEnabled='true'>
<SSLHostConfig>
<Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
</SSLHostConfig>
</Connector>
<Connector protocol='org.apache.coyote.http11.Http11NioProtocol' port='38006' maxThreads='150' SSLEnabled='true'>
<SSLHostConfig>
<Certificate certificateKeystoreFile='<path-of-the-certificate-file>' certificateKeystorePassword='<password>' certificateKeystoreType='PKCS12' type='RSA' />
</SSLHostConfig>
</Connector>
where:
- <path-of-the-certificate-file> is the path of the keystore certificate file. Example: C:\ProgramData\HCL\Discover\security\discover.p12.
- <password> is the password to access the keystore certificate file. Example: My725Password284.
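A post-change check for the steps above, added here as an example (it is not part of DCSTool.exe or the HCL Discover tooling): it reads the EnableTLS registry value, finds every SSLEnabled connector in server.xml, confirms the keystore file exists, and performs a TLS handshake against each port. The -ServerXml and -HostName parameters are assumptions; supply the real server.xml path from your installation and run the script on the server after the services have been restarted.

```powershell
# Added verification sketch; not part of the HCL Discover tooling.
param(
    # Assumption: the real path to server.xml under your Discover install folder.
    [Parameter(Mandatory)] [string] $ServerXml,
    [string] $HostName = 'localhost'   # assumption: the script runs on the server itself
)

# 1. Registry flag written by "DCSTool.exe enable" (the value shown under Results).
$key  = 'HKLM:\SOFTWARE\Wow6432Node\HCL Discover'
$flag = (Get-ItemProperty -Path $key -Name EnableTLS -ErrorAction SilentlyContinue).EnableTLS
"EnableTLS registry value: $flag (expected 1)"

# 2. Every TLS connector in server.xml: keystore present, then a live handshake.
[xml] $xml = Get-Content -Raw -Path $ServerXml
foreach ($conn in $xml.SelectNodes("//Connector[@SSLEnabled='true']")) {
    $port     = [int] $conn.GetAttribute('port')
    $certNode = $conn.SelectSingleNode('SSLHostConfig/Certificate')
    $keystore = if ($certNode) { $certNode.GetAttribute('certificateKeystoreFile') }
    $result = [ordered]@{
        Port           = $port
        Keystore       = $keystore
        KeystoreExists = [bool]($keystore -and (Test-Path -LiteralPath $keystore))
    }
    $tcp = $null
    try {
        $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $port)
        # Accept any certificate so it can be inspected; trust is evaluated below.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback] { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $result.Protocol     = $ssl.SslProtocol
        $result.Subject      = $cert.Subject
        $result.NotAfter     = $cert.NotAfter
        $result.DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
        $result.ChainTrusted = $chain.Build($cert)   # chain only; host name is not checked
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message          # refused connection or failed handshake
    } finally {
        if ($tcp) { $tcp.Close() }
    }
    [pscustomobject] $result
}
```

A connector that reports an Error, a missing keystore, or a negative DaysLeft has not picked up the certificate pair; in a distributed setup, repeat the check on both the Replay Server and the Session Archiving Server.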