Configuring Unica Director for SSL

About this task

Perform the following steps to configure SSL for Unica Director Server and Agent:

Prerequisites:

1. The Unica Campaign and Unica Platform application should SSL enabled too.

2. In Unica Platform, Go to HCL Unica Platform |Security |API management|Unica Platform. The path (Affinium|suite|security|apiSecurity|manager) appears only when we click above.

Configure SSL for Unica Director Server by performing the following steps:

Prerequisite:

Copy certificate files (.cer / .jks) used for Unica Platform to the machine where Unica Director server will be running. For example - PlatformClientIdentity.jks and PlatformClientSecurityCert.cer used to configure Unica Platform / Unica Campaign SSL environment.

1. Navigate to <HCL_Unica_DIRECTOR_SERVER_HOME>\Agent and open the Agent jar.Once you open Agent jar then please update below parameter in application.properties file.

For agent component , application. properties is available inside <HCL_Unica_DIRECTOR_SERVER_HOME>\add-on_Agent-11.1.0.0.jar\BOOT-INF\classes.

For Windows - To update the jar,user can use 7-zip or any other tool to open the jar file and change only in one file : application.properties and then user can run updated jar file successfully.

For Linux/SUSE - To update the jar, run > vim add-on_Agent-11.1.0.0.jar command inside <HCL_Unica_DIRECTOR_SERVER_HOME>\Agent on the terminal , select BOOT-INF/classes/application.properties path and change only in one file : application.properties and save the file. Exit the vi editor once saved. User can run the updated jar file successfully

Un-comment all below :

server.ssl.key-alias=PlatformClientIdentity #this should same alias as of PlatformClientIdentity.jks

server.ssl.key-password=unica*03 #this should be same password used to create PlatformClientIdentity.jks

server.ssl.key-store=C:\\PROGRA~1\\Java\\JDK18~1.0_1

bin

PlatformClientIdentity.jks #Provide the path where you copied PlatformClientIdentity.jks

server.ssl.key-store-provider=SUN #if using Oracle JRE , provider is SUN , for IBM Jre , provider is IBMJCE

server.ssl.key-store-type=JKS

2. Import the certificate inside the JRE keystore which will be used to start Unica Director server:

keytool -import -file PlatformClientSecurityCert.cer -alias addonkey -keystore $JDK_HOME/jre/lib/security/cacerts

3. Start the Unica Director Server

$JDK_HOME/bin/java -jar add-on_Server-12.0.0.0

Configure SSL for Unica Director Agent by performing the following steps:

Pre-requisite:

Copy certificate files (.cer / .jks) used for Unica Platform to the machine where Unica Director Agent will be running. For example - PlatformClientIdentity.jks and PlatformClientSecurityCert.cer used to configure Unica Platform / Unica Campaign SSL environment.

1. Navigate to <HCL_Unica_DIRECTOR_SERVER_HOME>\Agent and open application.properties file , change below values:

Un-coment all below :

server.ssl.key-alias=PlatformClientIdentity #this should same alias as of PlatformClientIdentity.jks

server.ssl.key-password=unica*03 #this should be same password used to create PlatformClientIdentity.jks

server.ssl.key-store=C:\\PROGRA~1\\Java\\JDK18~1.0_1

bin

PlatformClientIdentity.jks #Provide the path where you copied PlatformClientIdentity.jks

server.ssl.key-store-provider=SUN #if using Oracle JRE , provider is SUN , for IBM Jre , provider is IBMJCE

server.ssl.key-store-type=JKS

2. Import the certificate inside the JRE keystore which will be used to start Unica Director server:

keytool -import -file PlatformClientSecurityCert.cer -alias addonkey -keystore $JDK_HOME/jre/lib/security/cacerts

3. Start the Unica Director Agent:

$JDK_HOME/bin/java -jar add-on_Server-12.0.0.0

Configure Director Server with multiple SSL enabled Unica Environments
  • Step 1 - How to generate JSK self-signed certificate.

    keytool -genkey -alias DirectorClientIdentity -keyalg RSA -keystore DirectorClientIdentity.jks -keypass password -validity 3650 -dname "CN=*.nonprod.hclpnp.com" -storepass password

    keytool -export -keystore DirectorClientIdentity.jks -storepass password -alias DirectorClientIdentity-file DirectorCertificate.cer

  • Step 2 - Import Multiple environments certificates in to newly generated certificates:

    Import environment 1's and 2'nd public certificate in to DirectorClientIdentity.jks

    Sample command:

    keytool -import -alias PlatformClientIdentity_env1 -file PlatformClientIdentity_env1.cer -keystore DirectorClientIdentity.jks -storepass password

    keytool -import -alias PlatformClientIdentity_env2 -file PlatformClientIdentity_env2.cer -keystore DirectorClientIdentity.jks -storepass password

  • Step 3 - Now Import this certificate in java cacert which is running director application:

    keytool -import -file PlatformCertificate.cer -alias platformkey -keystore /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts

Add below mentioned Platform certiifcates in Director Server application.properties file:

server.ssl.key-alias=PlatformClientIdentity1 #this should same alias as of

PlatformClientIdentity1.jks

server.ssl.key-password=unica*03 #this should be same password used to create

PlatformClientIdentity.jks

server.ssl.key-alias=PlatformClientIdentity2 #this should same alias as of

PlatformClientIdentity2.jks

server.ssl.key-password=unica*03 #this should be same password used to create

PlatformClientIdentity.jks

Start the Director Server