Changing the default Secure Sockets Layer repertoire key files

 

Changing the default Secure Sockets Layer repertoire key files

The default Secure Sockets Layer (SSL) repertoire is used to securely communicate between internal Java processes when you enable global security. If you change the key files that are used by the deployment manager default SSL repertoire, change the default SSL key files of the federated nodes to the same key files that are used by the deployment manager default SSL repertoire. After changing the default SSL key files that are used by the deployment manager, but before federating a new node with global security enabled, change the default SSL key files of the unfederated node to match the key files that are used by the deployment manager. Without this change, the deployment manager fails to connect to the unfederated node when the deployment manager attempts to federate it. Complete the following instructions to configure the deployment manager and the nodes to use the new key file:

  1. Click Security > SSL > node_SSL_settings.

  2. Modify the value of the Key File Name and Key File Password fields to access the new key file.

  3. Select the format from the Key File Format options that matches the format used by the new key file.

  4. Modify the value of the Trust File Name and Trust File Password fields to access the new trust file.

  5. Select the format from the Trust File Format options that matches the format that is used by the new trust file.

  6. Click Apply to apply the changes.

  7. If error messages do not display at the top of the window, click Save to save the changes to the master configuration.

    Important: Do not restart the deployment manager before completing the previous steps for the default SSL repertoire settings on the federated node or nodes. If you restart the deployment manager before you change the default SSL key files for the federated nodes, the deployment manager cannot communicate with the federated nodes with global security enabled. To fix this problem, revert the deployment manager default SSL key files back to the original key and trust files and restart the deployment manager.

 

What to do next

Repeat the steps for the SSL settings on each federated node. If a federated node is on a separate machine, copy the key and trust files onto that machine. After repeating the steps for each federated node, restart the deployment manager and all of the federated nodes.


Related concepts

Secure Sockets Layer

Related tasks

Configuring Secure Sockets Layer (SSL)

Defining Secure Sockets Layer connections


Searchable topic ID: tsec_defsslrepkey