FileNet P8 Application Engine, Version 5.2.1              

Setting up SSL redirect on two Application Engine servers

You can set up two-server SSL redirect for Application Engine. In this configuration, one Application Engine server is SSL-enabled, and the other Application Engine redirects users to the SSL-enabled Application Engine server to log on.

Procedure

  1. Install Application Engine on both computers so that both Application Engine installations use the same bootstrap.properties file and site preferences file (the setup program will prompt you for a shared location).

    During setup of the first Application Engine, create a share on the folder where the bootstrap.properties file is installed (the \WEB-INF folder). Then during setup of the second Application Engine, specify the shared location from the first installation. The bootstrap.properties file must already exist when specifying a shared location.

    Important: The system clocks on the two Application Engine servers must be synchronized to within the Token time-out interval. For more information, see User tokens.
  2. Copy the UTCryptokeyFile.properties file.

    For SSL redirect to work, each Application Engine must use the same User Token cryptographic key file.

    After installing the second Application Engine, copy the UTCryptoKeyFile.properties file from the first Application Engine server to the same location on the second Application Engine server.

    Copy the file over a secure link.

  3. Enable SSL on the application server that you are using for the SSL-enabled Application Engine (see your SSL documentation).
  4. Sign in to Workplace on the non-SSL enabled Application Engine.
    1. On any computer, open a browser and type:

      http://ApplicationEngineServerName:port#/Workplace

    2. Sign in as a user with Application Engine Administrator access role privileges. For more information, see Access roles preferences.
  5. Set bootstrap preferences:
    1. Navigate to Admin > Site Preferences > Bootstrap.
    2. Set the Security info Site Preference SSL Host:Port to identify the alias host name and port number.
    3. Click Apply to save your bootstrap settings.
  6. Update the base URL:
    1. Navigate to Admin > Site Preferences > Refresh.
    2. Enter the Workplace Base URL value in the provided field. The URL must contain a valid host name, and not contain localhost or an IP number. For example, http://myserver:7001/Workplace

      For more information, see Refresh preferences.

    3. Click Refresh to update the base URL.
    4. Click Exit to close Site Preferences.
  7. Sign out of Workplace, and close your browser.
  8. Test the SSL connection by signing into Workplace using the following URL: http://Application_Engine_server_name:non-SSL port#/Workplace

    You will be redirected to the SSL-enabled server for sign in, then back to the non-SSL enabled server after sign-in is complete. Before sign-in, you should receive a warning that you are accessing pages over a secure connection (unless you turned this dialog box off), and then Workplace will open.



Last updated: March 2016
p8pin139.htm

© Copyright IBM Corporation 2013, 2016.