SSL in HCL Marketing Software
Many HCL® application components can act as both server and client during normal operations, and some HCL components are written in Java™ and some in C++. These facts determine the format of the certificates you use. You specify the format when you create a self-signed certificate or purchase one from a CA.
HCL applications do not require a truststore when they act as a client making one-way SSL requests to an HCL server component.
Java component acting as a server
For HCL applications written in Java, using the JSSE SSL implementation, and deployed on an application server, you must configure the application server to use your certificate. The certificate must be stored in JKS format.
You cannot use the default certificate provided with the application server.
You can create JKS certificates for your Java applications using Java keytool.
C++ component acting as a server
The Campaign listener and Contact Optimization server component are written in C++, and require a .kdb certificate created in GSKit.
Java component acting as a client
For HCL applications written in Java and deployed on an application server, no truststore is needed. For ease of configuration, HCL Java applications acting as a client do not authenticate the server during one-way SSL communications. However, encryption does take place.
C/C++ components acting as a client
For applications written in C/C++ and using the GSkit implementation, no truststore is needed. The Campaign listener, Contact Optimization server component, and NetInsight fall into this category.
How many certificates?
Ideally, you should use a different certificate for every machine that hosts an HCL component acting as a server.
If you do not want to use multiple certificates, you can use the same certificate for all the HCL components acting as servers. If you use one certificate for all applications, when users access HCL applications for the first time, the browser asks whether they want to accept the certificate.