Configuring One-Way SSL

One-way SSL is the most common, standard implementation of SSL in client/server connections. In this mode, when a client attempts to connect to the server, the server presents a signed certificate to the client. This certificate can be self-signed or signed by a Certificate Authority (CA). The connection is established if the CA is trusted in the client's local trust store and the certificate is validated, or if the client is configured to accept the self-signed certificate.

To enable SSL in your Silver Fabric Component:

Procedure

  1. On the Silver Fabric Administration Tool, go to Stacks > Components.
  2. Select the Edit Component action for your Component.
  3. Select Add/Edit Component Features.
  4. Select the HTTP Support feature and click Edit.
  5. Select the HTTPS Enabled option and clear the HTTP Enabled option to create a pure SSL configuration.
  6. Click OK.
  7. The server uses the demo keystore bundled with Tomcat by default. If this is sufficient for your needs, click Finish and you are done.
  8. Select Add/Override/Edit Enabler and Component-Specific Runtime Context Variables and configure the following environment variables as necessary to use a custom certificate:
    • SERVER_KEY_STORE_FILE — Server keystore file location for incoming SSL connections. In the definition, you can use the variable ${CATALINA_HOME}, which expands to the Tomcat application server home directory for the enabler at run time.
    • SERVER_KEY_STORE_PASSWORD — Password for the server keystore.
    • CLIENT_TRUST_STORE_FILE — Trust store file used when connecting to the JMX server.
    • CLIENT_TRUST_STORE_PASSWORD — Client trust store password used when connecting to the JMX server.
    Click OK when finished. You can now upload your keystore files.
  9. Select Add/Override/Customize Enabler and Component-Specific Content Files.
  10. Click Upload.
    The Add File screen is displayed.
  11. Complete the screen as follows:
    1. Enter a name for your server keystore file in the Name field.
    2. Enter the path you used for SERVER_KEY_STORE_FILE above in the Relative Path field.
    3. Enter your server keystore file in the File field.
    4. Click OK.
  12. Repeat the previous two steps to upload CLIENT_TRUST_STORE_FILE.
  13. Click Finish.
  14. Select Publish Component from the Actions list to deploy the component.
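
The procedure above uploads a server keystore and a client trust store but does not show how to produce them; the following is an added example, not part of the original documentation or TIBCO's own tooling, that builds both with the JDK `keytool` and lets you confirm the trust store carries no private key. Assumptions: the file names, alias, host name, validity period and the `KS_PASS` / `TS_PASS` variable names are illustrative, the certificate is self-signed, and the enabler is assumed to accept `keytool`'s default store type.

```shell
#!/bin/sh
# Added example: builds the two files uploaded in steps 8-12 of the procedure.
# Assumed names: server.keystore, client.truststore, alias "server",
# KS_PASS / TS_PASS (hypothetical environment variables holding the passwords).

# make_stores DIR HOST
# Passwords are read from the exported variables KS_PASS and TS_PASS, so they
# never appear on a command line or in the process list.
make_stores() (
  dir=$1 host=$2
  ks="$dir/server.keystore" ts="$dir/client.truststore" crt="$dir/server.crt"

  # Server side: private key plus self-signed certificate. This is the file
  # that SERVER_KEY_STORE_FILE points at.
  keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$host" -ext "SAN=dns:$host" \
    -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || exit 1

  # Export the public certificate only; the private key stays in the keystore.
  keytool -exportcert -rfc -alias server -file "$crt" \
    -keystore "$ks" -storepass:env KS_PASS || exit 1

  # Client side: import that certificate as a trusted entry into a separate
  # store. This is the file that CLIENT_TRUST_STORE_FILE points at.
  keytool -importcert -noprompt -alias server -file "$crt" \
    -keystore "$ts" -storepass:env TS_PASS || exit 1
)

# count_entries STORE PASS_VAR KIND
# Prints how many entries of KIND (PrivateKeyEntry or trustedCertEntry) the
# store holds. A trust store should report 0 PrivateKeyEntry.
count_entries() {
  keytool -list -keystore "$1" -storepass:env "$2" | grep -c "$3" || true
}
```

Upload `server.keystore` at the relative path set in SERVER_KEY_STORE_FILE and `client.truststore` at the one set in CLIENT_TRUST_STORE_FILE, and enter the matching passwords in SERVER_KEY_STORE_PASSWORD and CLIENT_TRUST_STORE_PASSWORD.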