Configuring SSL when using WebSphere

This section describes the general steps required to configure SSL if you have deployed HCL Unica components on WebSphere®. This change is required to allow Deliver components that operate inside Campaign to communicate with HCL Unica hosted services over SSL.

Before you begin

Before you begin, you will need to know the value for the configuration property uiHostName. The value for uiHostName is the URL for HCL Unica hosted services . For details, see Configuring addresses for connecting to HCL Unica hosted services.

About this task

You must access the WebSphere® security console to modify settings for SSL certificate and key management. This task requires a restart of the Campaign web application server to implement the changes.

If you have deployed Campaign on WebSphere®, you must modify the WebSphere® security configuration to retrieve the signer certificate from HCL Unica and add it to the WebSphere® trust store. If you receive an error message indicating that your current signer certificate has expired, delete the current certificate and add a new one.

For specific guidance regarding navigation and working with the WebSphere® user interface, consult the documentation for the specific Unica WebSphere® version you are using.

Procedure

  1. Generate a trusted keystore.

    For additional details, see Generating a trusted keystore.

    To configure SSL, you need to specify the values that you define for the following variables. The values shown are for example only. Your values can be different.

    • alias: UnicaClientIdentity (example)
    • keystore: HCLUnicaTrust.jks (example)
    • storepass: trustPwd (example)
  2. Select the new keystore in the WebSphere® security console.

    For example, if you followed the example in Step 1, select HCLUnicaTrust.jks.

  3. Obtain a security certificate from HCL Unica and import it into WebSphere®, as described in the following steps.
    1. In the WebSphere® security console, navigate to SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates. Select the option to Retrieve from port.
    2. Configure WebSphere® to establish a test connection to retrieve the signer certificate from HCL Unica. Enter the following values for the HCL Unica signer certificate.
      • Host The value that is defined for Deliver >serverComponentsAndLocations > hostedServices >uiHostName
      • Port 443
      • SSL configuration for outbound connection NodeDefaultSSLSettings
      • Alias The value that you entered for Host

      When you have finished, WebSphere® communicates with HCL Unica hosted services to retrieve the information required to create a signer certificate for HCL Unica hosted services.

  4. After WebSphere® finishes creating the signer certificate, select the new certificate in the security console.

    The web application server uses the new certificate when establishing connections to HCL Unica.

  5. Restart WebSphere®

    WebSphere® does not implement the configuration changes until you restart the web application server.

    For additional information about supported WebSphere® versions for deploying Unica products, see the Recommended Software Environments and Minimum System Requirements document for each product.