IBM BPM, V8.0.1, All platforms > Securing IBM BPM and applications > Configure SSL for IBM BPM

Configure Process Designer to access Process Center using Secure Socket Layer (SSL)

The following steps are required to make the communication between the Process Designer and Process Center work using SSL.

Procedure

1. Navigate to the Process Designer installation location, for example: C:\IBM\ProcessDesigner\v8.0.1.
2. Open the eclipse.ini file.
3. Locate -Dcom.ibm.bpm.processcenter.url and modify it to specify the correct Process Center URL.

   For example, Dcom.ibm.bpm.processcenter.url= http://localhost:9080.

4. Change http://PC_hostname:non_secured_port to https://PC_hostname:secured-port.
5. Save and close the eclipse.ini file.
6. Navigate to the sas.client.props file.

   For example: C:\IBM\ProcessDesigner\resources.

7. Modify the following section to specify SSL client support.

   # Does this client support/require SSL connections?  
   com.ibm.CSI.performTransportAssocSSLTLSRequired=true
   com.ibm.CSI.performTransportAssocSSLTLSSupported=true

8. Update the 100Custom.xml file to include the following section.

   <properties merge="mergeChildren">
   		<authoring-environment merge="mergeChildren">
   			<repository-prefix merge-"replace>https:// host_Name: port_Number/ProcessCenter </repository-prefix>
   		</authoring-environment>
   
   <server merge="mergeChildren">
   
   		<repository-server-url merge="replace">https:// host_Name: port_Number/ProcessCenter </repository-server-url>
   
   		<server-port merge="replace"> port_Number</server-port>
   
   		<deploy-snapshot-using-https merge="replace">true</deploy-snapshot-using-https>
   
   </server>
   </properties>

   For information on editing the 100Custom.xml file, see Modify IBM Process Server connection properties .

9. In the WebSphere Application Server administrative console, click Security > Global security > RMI/IIOP Security > CSIv2 inbound communications.
10. Verify that the Propagate security attributes option is selected.
11. Verify that Supported is selected in the Client certificate authentication drop-down menu.
12. Verify that SSL-required is selected in the Transport drop-down menu.
13. Launch the Process Designer and verify access to the Process Center using SSL.

14. If you have created and configured your own trust store, you must modify one of the following configuration files to point to the correct location for your trust store:
    • Standalone configuration: NodeDefaultTrustStore
    • Network deployment configuration: CellDefaultTrustStore

    When the Process Designer is downloaded, by default a trust.p12 file will be included with the compressed file. The trust.p12 file that is included reflects what is specified for the NodeDefaultTrustStore (stand-alone server) or CellDefaultTrustStore (ND environment) found in the Administrator console under Global Security > SSL certificate and key management > Key stores and certificates. The trust.p12 file from that server location is copied and the password is set to WebAS before it is included in the compressed file. If you have configured a custom trust store with a different password or have multiple trust stores, you must manually copy the trust.p12 file from the server to your Process Designer install directory and update the -Djavax.net.ssl.trustStoreType, -Djavax.net.ssl.trustStore, and -Djavax.net.ssl.trustStorePassword properties in the eclipse.ini file.

15. Verify your configuration.

    1. Log in to the Process Designer.
    2. Right-click the Process Apps tab and select Properties.
    3. Confirm that the Address: (URL) section contains the https:// PC hostname: secured port secure address.

Configure SSL for IBM BPM

Related information:
Troubleshooting and support for IBM BPM