Engines and Engine Daemon HTTPS
To enable Engines and Engine Daemons to trust the Broker:
| 1. | Place the ssl.pem and ssl.keystore files in the DS_DATA/engineUpdate/shared directory. |
| 2. | Copy both files to the root directory of each Engine installation. You must copy the ssl.pem and ssl.keystore files by hand to each Engine already installed, and to any subsequently installed Engines. |
| 3. | When installing Engines, you must use the SSL port, 8043. On Windows, use https in the URL. On UNIX, you must give the -l y arguments to use SSL. |
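Because step 2 depends on hand-copying, the following added example (not part of the product or its documentation) reports any Engine root whose ssl.pem or ssl.keystore is missing or differs from the copy in the shared directory. The function names and command-line arguments are assumptions; pass your own path for DS_DATA/engineUpdate/shared followed by the Engine root directories.

```python
import hashlib
import sys
from pathlib import Path

TRUST_FILES = ("ssl.pem", "ssl.keystore")  # file names from the procedure


def sha256_of(path):
    """Return the hex SHA-256 digest of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_trust_drift(shared_dir, engine_roots):
    """Compare each Engine root's copies with those in shared_dir.

    Returns sorted (engine_root, file_name, problem) tuples, where problem
    is "missing" or "mismatch"; an empty list means all copies match.
    """
    reference = {}
    for name in TRUST_FILES:
        source = Path(shared_dir) / name
        if not source.is_file():
            raise FileNotFoundError(f"reference file not found: {source}")
        reference[name] = sha256_of(source)

    findings = []
    for root in engine_roots:
        for name in TRUST_FILES:
            copy = Path(root) / name
            if not copy.is_file():
                findings.append((str(root), name, "missing"))
            elif sha256_of(copy) != reference[name]:
                findings.append((str(root), name, "mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    # Paths are site-specific: pass the shared directory, then Engine roots.
    if len(sys.argv) < 3:
        sys.exit("usage: SHARED_DIR ENGINE_ROOT [ENGINE_ROOT ...]")
    problems = find_trust_drift(sys.argv[1], sys.argv[2:])
    for root, name, problem in problems:
        print(f"{root}: {name} {problem}")
    sys.exit(1 if problems else 0)
```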
You must enable HTTPS on the Manager for login, connection for Engine Daemons, and connection for Engine instances.
To enable SSL for Engine instance and Engine Daemon login, you must set the Managers to the HTTPS location in the Engine Configuration.
To enable SSL for Engine communication, you must enable it on the Manager. SSL is enabled for Engine Daemons on Directors. If your Manager is configured to use HTTPS for all Messaging, Engines already use HTTPS.
To enable SSL for Engines if you did not enable HTTPS for all messaging:
Procedure
| 1. | Go to Admin > System Admin > Manager Configuration > Security. |
| 2. | Under Component HTTPS Communication, set Use HTTPS for Engine Communication to True. |
| 3. | Click Save. |
To enable SSL for Engine Daemons on a Manager:
Procedure
| 1. | Go to Admin > System Admin > Manager Configuration > Security. |
| 2. | Under Component HTTPS Communication, set Use HTTPS for Engine Daemon Communication to True. |
| 3. | Click Save. |
To enable domain-only authentication, you can use a wildcard (*) for the hostname in the CN field of your certificate. (For example, your CN could be set to *.example.com.)