Add the CA certificate to the Process Engine private JRE keystore and
set the Content Engine URI for
the https protocol
Use the procedures in this task to configure SSL communication
between Process Engine and Content Engine. Complete these procedures
on all nodes in a Process Engine farm.
- On the Process Engine server,
add the CA certificate to Process Engine private
JRE keystore, if it does not already contain it. This is the Content Engine application server SSL
certificate. The private JRE keystore is typically located in the
following location:
Option |
Description |
UNIX® |
/opt/IBM/FileNet/ProcessEngine/java/jre/lib/security |
Windows® |
\Program Files\IBM\FileNet\Process Engine\java\jre\lib\security |
- Use the keytool to import the CA certificate to the Java
keystore. Enter the following as a single line:
\PE_installation_directory\java\jre\bin\keytool
-import -file cert_file_name
-alias alias -keystore cacerts -storepass password
where:
cert_file_name is
the full path and file name of the SSL Certificate file you exported
from the Content Engine.
alias is
a unique name identifying the keystore entry. password is
the keystore password. The default password is changeit.
cacerts
is the default keystore for Process Engine and
is located in the ../security directory.
- Change the protocol in the Content Engine URI in Process Task Manager
Security settings from http to https and set an appropriate port for
the https protocol. For example:
Protocol |
Default Port |
App Server |
Sample URL |
HTTPS |
9443 |
WebSphere® Application
Server |
https://CE_server:9443/wsi/FNCEWS40MTOM/ |
HTTPS |
7002 |
WebLogic |
https://CE_server:7002/wsi/FNCEWS40MTOM/ |
HTTPS |
8443 |
JBoss |
https://CE_server:8443/wsi/FNCEWS40MTOM/ |