FileNet P8 Process Engine, Version 5.0.+              

Configuring SSL communication between Process Engine and Content Engine

Add the CA certificate to the Process Engine private JRE keystore and set the Content Engine URI for the https protocol

Use the procedures in this task to configure SSL communication between Process Engine and Content Engine. Complete these procedures on all nodes in a Process Engine farm.
  1. On the Process Engine server, add the CA certificate to Process Engine private JRE keystore, if it does not already contain it. This is the Content Engine application server SSL certificate. The private JRE keystore is typically located in the following location:
    Option Description
    UNIX® /opt/IBM/FileNet/ProcessEngine/java/jre/lib/security
    Windows® \Program Files\IBM\FileNet\Process Engine\java\jre\lib\security
  2. Use the keytool to import the CA certificate to the Java keystore. Enter the following as a single line:

    \PE_installation_directory\java\jre\bin\keytool 
    -import -file cert_file_name
     -alias alias -keystore cacerts -storepass password

    where:

    cert_file_name is the full path and file name of the SSL Certificate file you exported from the Content Engine.

    alias is a unique name identifying the keystore entry. password is the keystore password. The default password is changeit.

    cacerts is the default keystore for Process Engine and is located in the ../security directory.

  3. Change the protocol in the Content Engine URI in Process Task Manager Security settings from http to https and set an appropriate port for the https protocol. For example:
    Protocol Default Port App Server Sample URL
    HTTPS 9443 WebSphere® Application Server https://CE_server:9443/wsi/FNCEWS40MTOM/
    HTTPS 7002 WebLogic https://CE_server:7002/wsi/FNCEWS40MTOM/
    HTTPS 8443 JBoss https://CE_server:8443/wsi/FNCEWS40MTOM/


Feedback

Last updated: November 2010


© Copyright IBM Corporation 2010.
This information center is powered by Eclipse technology. (http://www.eclipse.org)