Configuring HCL Campaign in SSL and HCL Campaign Listener in non-SSL

If your setup has HCL Campaign in SSL and the HCL Campaign Listener in the non-SSL mode, you must configure settings for the applications to work seamlessly.

Before you begin

The HCL Campaign web application must be configured in SSL by using the default certificates.

About this task

All configurations are applicable to the WebSphere Application Server for HCL Campaign. Multiple steps are involved to configure the SSL and non-SSL setup. Each step might have more substeps to be completed.

Procedure

To configure HCL Campaign in SSL and HCL Campaign Listener in non-SSL, complete the following steps:
Table 1. Configuring HCL Campaign in SSL and HCL Campaign Listener in non-SSL
# Step Substeps
1 Generate keystore database files for the Listener server. Run the following commands from any location and note the paths.
gsk8capicmd_64 -keydb -create -populate -db Key.kdb \
               -pw password -stash
gsk8capicmd_64 -cert -create -db Key.kdb -dn "CN=*.in.ibm.com" \
               -expire 3650 -pw password -size 1024 -label key \
               -default_cert yes
gsk8capicmd_64 -cert -extract -db Key.kdb -stashed -label key \
               -target Key.arm

The following files are generated at the location from where you ran the commands.


[Figure: Files that are generated when the gsk8capicmd commands are run]
2 Import the Key.arm file into the application server where the Campaign web application is deployed.
  1. Copy the Key.arm file to the Campaign web application server.
  2. Add the Key.arm file in the NodeDefaultTrustStore of the WebSphere Application Server by completing the following steps:
    1. Click Security > SSL Certificate and key management > Key stores and certificates.
    2. Click NodeDefaultTrustStore > Signer certificates.
    3. Click Add and provide the Alias and the path where the Key.arm file is copied.
    4. Click OK.

The listener key is added to the application server.

3 Extract Personal and Signer certificates from the HCL Campaign WebSphere Application Server.
  1. Click Security > SSL Certificate and key management > Key stores and certificates.
  2. Click NodeDefaultTrustStore > Personal certificates.
  3. Select the default certificate.
  4. Provide the Certificate file name and a valid path on the Campaign web application server, and click OK.
  5. Click NodeDefaultTrustStore > Signer certificates.
  6. Select the default certificate.
  7. Provide the Certificate file name and a valid path on the Campaign web application server, and click OK.

The ClientPersonal.cer and ClientSigner.cer certificates are generated in the path that you provided.

4 Import the Personal and Signer certificates into the listener keystore database.
  1. Copy the ClientPersonal.cer and ClientSigner.cer certificates to the Listener server.
    [Figure: Personal and Signer certificates]
  2. Import the Personal and Signer certificates into the listener keystore database by running the gsk8capicmd_64 command from the location where the listener keystore database (Key.kdb) was created.
    gsk8capicmd_64 -cert -add -db Key.kdb -stashed \
                   -label ClientPersonalKey -file ClientPersonal.cer
    gsk8capicmd_64 -cert -add -db Key.kdb -stashed \
                   -label ClientSignerlKey -file ClientSigner.cer
5 Modify config.xml file on the listener server. Provide the following information:
  • configurationServerBaseURL: Provide the Campaign SSL URL.
  • unicaServerSSLFile: Provide the .kdb file path.
  • unicaServerSSLFilePwd: Provide the corresponding .sth file path.
<configuration name="bootstrap">
  <category name="bootstrap">
    <property name="suiteName"><value>Affinium</value></property>
    <property name="clientType"><value>HTTP</value></property>
    <!-- configurationServerBaseURL value will be set by AffiniumSuite assembly installer -->
    <property name="configurationServerBaseURL">
        <value>https://eagle191.in.ibm.com:9447/Campaign</value>
    </property>
    <property name="trustedApplication"><value>false</value></property>
    <property name="unicaClientKeystore"><value></value></property>
    <property name="unicaClientKeystorePwd"><value></value></property>
    <property name="unicaServerSSLFile">
        <value>/opt/IBM/IBMMS101/Campaign/bin/certs/Key.kdb</value>
    </property>
    <property name="unicaServerSSLFilePwd">
        <value>/opt/IBM/IBMMS101/Campaign/bin/certs/Key.sth</value>
    </property>
  </category>
</configuration>
6 In the unicaACListener settings set useSSL to TRUE.
7 Restart the Campaign Application Server and the Campaign Listener.
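
The following Python check is an added example, not part of the HCL documentation or product. It reads the listener's config.xml from step 5 and reports properties that do not match the procedure. The function names, the sample host campaign.example.com, and the sample paths are constructed for illustration, and the file-permission check is an extra hardening step that the procedure above does not list.

```python
import os
import stat
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample mirroring the page's bootstrap block, with a non-SSL URL
# and an empty stash path so the checks have something to report.
SAMPLE_BAD = """<configuration name="bootstrap">
  <category name="bootstrap">
    <property name="configurationServerBaseURL">
        <value>http://campaign.example.com:9080/Campaign</value>
    </property>
    <property name="unicaServerSSLFile">
        <value>/opt/campaign/certs/Key.kdb</value>
    </property>
    <property name="unicaServerSSLFilePwd"><value></value></property>
  </category>
</configuration>"""

def read_properties(xml_text):
    """Map each property name in the bootstrap config to its stripped value."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def check_listener_ssl(xml_text, check_files=True):
    """Return a list of findings; an empty list means step 5 looks complete."""
    props = read_properties(xml_text)
    findings = []
    url = props.get("configurationServerBaseURL", "")
    if urlparse(url).scheme.lower() != "https":
        findings.append("configurationServerBaseURL is not an https URL")
    for name, ext in (("unicaServerSSLFile", ".kdb"),
                      ("unicaServerSSLFilePwd", ".sth")):
        path = props.get(name, "")
        if not path.lower().endswith(ext):
            findings.append(f"{name} does not point to a {ext} file")
        elif check_files and not os.path.isfile(path):
            findings.append(f"{name} file not found: {path}")
        elif check_files and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Added hardening check (not in the page's procedure): the keystore
            # and its stashed password should be accessible to the owner only.
            findings.append(f"{name} is accessible to group or others: {path}")
    return findings

if __name__ == "__main__":
    for finding in check_listener_ssl(SAMPLE_BAD, check_files=False):
        print("FINDING:", finding)
```

Run it on the listener server against the real config.xml with check_files left at its default so that the .kdb and .sth paths are verified on disk.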