Enable communication between cells that have security enabled
When two cells have security enabled, such as LDAP, perform additional steps so that these cells can communicate with each other.
You must be able to access the deployment manager of each cell that is to communicate.
You can add a signer certificate to the trust.p12 file, allowing that cell to securely communicate with another cell. You edit the trust.p12 file at the cell level for each cell, and then run the bin/retrieveSigners.sh script in each cell. After you run the script, the cells can communicate through SSL connections.
- Start the deployment manager for each cell.
- On each deployment manager, edit the deployment_manager_profile/properties/ssl.client.props file to change the com.ibm.ssl.trustStore value to the cell-level default trust store.
For example, change the line com.ibm.ssl.trustStore=${user.root}/etc/trust.p12 to com.ibm.ssl.trustStore=deployment_manager_profile/config/cells/cell_name/trust.p12. Remember the original value. You change this value back to the original value after you run the script.
- Run the bin/retrieveSigners.sh script from the first cell, including information for the second cell in the script.
For example:
retrieveSigners.sh CellDefaultTrustStore ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype SOAP -port 8879 -host seconddmgr.host.ibm.com
- On the first cell, edit the deployment_manager_profile/properties/ssl.client.props file and change the value back to the original com.ibm.ssl.trustStore value.
- On the second deployment manager, check that the com.ibm.ssl.trustStore value in the deployment_manager_profile/properties/ssl.client.props file is the cell-level default trust store. Run the bin/retrieveSigners.sh script from the second cell, including information for the first cell.
- On the second cell, edit the deployment_manager_profile/properties/ssl.client.props file to change back to the original com.ibm.ssl.trustStore value.
- Restart all of the cells that you are configuring or ensure that all of the cells have been fully synchronized.
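The property swap in the steps above can be scripted so that the original com.ibm.ssl.trustStore value is always restored, even when retrieveSigners.sh fails. This is an added example, not part of the original documentation; the function names and the DMGR_PROFILE and CELL_NAME variables are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): switch com.ibm.ssl.trustStore to the cell-level
# trust store for one command, then restore the original value.
KEY='com.ibm.ssl.trustStore'

# Print the current value of the property in the given ssl.client.props file.
get_truststore() {
    sed -n "s|^${KEY}=||p" "$1" | head -n 1
}

# Rewrite the property in place, keeping the file's owner and mode.
set_truststore() {
    props=$1 value=$2
    grep -q "^${KEY}=" "$props" || { echo "no ${KEY} in $props" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # The value reaches awk through the environment so '$', '{' and '/' stay literal.
    if NEWVAL="$value" awk -v k="$KEY" '
        index($0, k "=") == 1 { print k "=" ENVIRON["NEWVAL"]; next }
        { print }' "$props" > "$tmp" && cat "$tmp" > "$props"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Usage: with_cell_truststore PROPS_FILE CELL_TRUST_P12 command [args...]
# Returns the command's exit status; the original value is put back either way.
with_cell_truststore() {
    props=$1 cell_trust=$2
    shift 2
    original=$(get_truststore "$props")
    [ -n "$original" ] || { echo "no ${KEY} in $props" >&2; return 1; }
    set_truststore "$props" "$cell_trust" || return 1
    status=0
    "$@" || status=$?
    set_truststore "$props" "$original" || return 1
    return $status
}

# Step from the page, run on the first cell. DMGR_PROFILE and CELL_NAME are
# hypothetical variables for deployment_manager_profile and cell_name:
# with_cell_truststore "$DMGR_PROFILE/properties/ssl.client.props" \
#     "$DMGR_PROFILE/config/cells/$CELL_NAME/trust.p12" \
#     "$DMGR_PROFILE/bin/retrieveSigners.sh" CellDefaultTrustStore \
#     ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype SOAP \
#     -port 8879 -host seconddmgr.host.ibm.com
```

Because -autoAcceptBootstrapSigner adds the remote signer without an interactive prompt, confirm the fingerprint of the imported signer against the other cell's certificate through a separate channel before relying on the new trust.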
Results
The two cells can establish SSL connections with each other.
Related concepts
Topology Configurations for Multi-Cell Routing
Related tasks
- Configure application placement for cells that share the same nodes
- Use the retrieveSigners command to enable server to server trust
- Add, manage, and remove nodes