Configuring SSL connection between remote command-line client and master domain manager

Before you begin

Before you configure the SSL connection between the remote command-line client and the master domain manager, ensure that the CLISSLSERVERAUTH property is set to true in the localopts file of the fault-tolerant agent instance.

About this task

To configure a remote command-line client to connect to a master domain manager in SSL mode, perform the following steps:
  1. Extract the certificate on the master domain manager instance by running the following procedure:
    1. Log on as Administrator on Windows operating systems, or as root on UNIX and Linux operating systems, on the machine where the master domain manager is installed.
    2. Extract the server.crt certificate in base64 format by running:
      keytool -export
      -alias server
      -rfc
      -file server.crt
      -keystore <path>/TWSServerKeyFile.jks
      -storepass default
      where <path> is one of the following:
      On Windows systems
      <TWA_home>\usr\servers\engineServer\resources\security\TWSServerKeyFile.jks
      On UNIX systems
      <TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerKeyFile.jks
  2. Log on as Administrator on Windows operating systems, or as root on UNIX and Linux operating systems, on the machine where the remote command-line client is installed with a fault-tolerant agent.
  3. Perform a binary FTP of the server.crt certificate from the machine where you installed the master domain manager instance to the machine where you installed the remote command-line client in the directory <FTA_INST_DIR>\ssl.
  4. Rename the <FTA_INST_DIR>\ssl\server.crt file to <FTA_INST_DIR>\ssl\server.arm.
  5. Open the localopts configuration file in the fault-tolerant agent instance.
  6. Complete one of the following attributes in the # Attributes for CLI connections configuration section and perform the actions:
    CLISSLSERVERCERTIFICATE
    Specify the absolute path of the server.arm file on the fault-tolerant agent machine. In this example, <FTA_INST_DIR>\ssl\server.arm.
    CLISSLTRUSTEDDIR
    Specify the path of the directory that contains all the .arm certificate files, including <FTA_INST_DIR>\ssl\server.arm, that the remote command-line client can trust.
    Note: Do not set the CLISSLSERVERAUTH and CLISSLTRUSTEDDIR values simultaneously. For more information about the SSL configuration, see Connection security overview.
  7. Save the localopts file.
  8. Restart the fault-tolerant agent processes to accept the localopts changes.
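
The server.arm file copied in steps 3 and 4 becomes the certificate that the remote command-line client trusts, so it is worth confirming that the file that arrived is the one that was exported. The following Python script is an added example, not part of the original procedure or of the product: it compares the file's SHA-256 fingerprint with the value that `keytool -printcert -file server.crt` shows on the master domain manager. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed bytes standing in for a certificate's DER encoding (not a real cert).
SAMPLE_DER = bytes(range(64))


def make_pem(der):
    """Wrap DER bytes in the PEM armor that `keytool -export -rfc` writes."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


def cert_fingerprints(pem_text):
    """SHA-256 fingerprint (AA:BB:... form) of every certificate in the text.

    Hashing the decoded DER, not the file bytes, keeps the result stable
    if a non-binary transfer rewrote the line endings.
    """
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return prints


def matches_master(pem_text, expected):
    """True only if the file holds exactly one certificate and its
    fingerprint equals the value recorded on the master domain manager."""
    found = cert_fingerprints(pem_text)
    if len(found) != 1:
        return False  # empty, truncated, or carrying an extra certificate
    wanted = expected.replace(":", "").replace(" ", "").upper()
    return found[0].replace(":", "") == wanted


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <file> <fingerprint>
        with open(sys.argv[1], encoding="ascii") as fh:
            ok = matches_master(fh.read(), sys.argv[2])
    else:  # no arguments: self-check on the constructed sample
        pem = make_pem(SAMPLE_DER)
        ok = matches_master(pem, cert_fingerprints(pem)[0])
    print("fingerprint matches" if ok else "MISMATCH: do not trust this file")
    sys.exit(0 if ok else 1)
```

Read the expected fingerprint on the master domain manager itself and pass it to the client over a channel other than the one used for the file transfer.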