You can set up two-server SSL redirect for Application Engine. In this configuration, one Application Engine server is SSL-enabled, and the other Application Engine redirects users to the SSL-enabled Application Engine server to log on.
Procedure
- Install Application Engine on both computers so that both Application Engine installations use the same bootstrap.properties file and site preferences file (the setup program will prompt you for a shared location). During setup of the first Application Engine, create a share on the folder where the bootstrap.properties file is installed (the \WEB-INF folder). Then during setup of the second Application Engine, specify the shared location from the first installation. The bootstrap.properties file must already exist when specifying a shared location.
  Important: The system clocks on the two Application Engine servers must be synchronized to within the Token time-out interval. For more information, see User tokens.
- Copy the UTCryptoKeyFile.properties file. For SSL redirect to work, each Application Engine must use the same User Token cryptographic key file. After installing the second Application Engine, copy the UTCryptoKeyFile.properties file from the first Application Engine server to the same location on the second Application Engine server. Copy the file over a secure link.
- Enable SSL on the application server that you are using for the SSL-enabled Application Engine (see your SSL documentation).
- Sign in to Workplace on the non-SSL enabled Application Engine.
  - On any computer, open a browser and type:
    http://ApplicationEngineServerName:port#/Workplace
  - Sign in as a user with Application Engine Administrator access role privileges. For more information, see Access roles preferences.
- Set bootstrap preferences:
  - Navigate to .
  - Set the Security info Site Preference SSL Host:Port to identify the alias host name and port number.
  - Click Apply to save your bootstrap settings.
- Update the base URL:
  - Navigate to .
  - Enter the Workplace Base URL value in the provided field. The URL must contain a valid host name, and must not contain localhost or an IP address. For example, http://myserver:7001/Workplace
    For more information, see Refresh preferences.
  - Click Refresh to update the base URL.
  - Click Exit to close Site Preferences.
- Sign out of Workplace, and close your browser.
- Test the SSL connection by signing into Workplace using the following URL:
  http://Application_Engine_server_name:non-SSL port#/Workplace
  You will be redirected to the SSL-enabled server for sign in, then back to the non-SSL enabled server after sign-in is complete. Before sign-in, you should receive a warning that you are accessing pages over a secure connection (unless you turned this dialog box off), and then Workplace will open.
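
Three conditions in this procedure can be checked before testing the redirect: both servers hold the same UTCryptoKeyFile.properties, their clocks agree to within the token time-out, and the Workplace Base URL host is a name rather than localhost or an IP address. The following is an added example, not part of the product or its documentation; the function names, the file paths and time-out value passed in, and the RFC 1123 reading of "valid host name" are assumptions.

```python
# Added example: pre-flight checks for the two-server SSL redirect setup.
# Paths, clock readings and the time-out value are caller-supplied assumptions.
import hashlib
import hmac
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed meaning of "valid host name": RFC 1123 labels separated by dots.
_HOSTNAME = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*")

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def key_files_match(path_a, path_b):
    """True when both copies of UTCryptoKeyFile.properties are byte-identical."""
    return hmac.compare_digest(file_digest(path_a), file_digest(path_b))

def clock_skew_ok(epoch_a, epoch_b, token_timeout_s):
    """True when the two server clocks differ by less than the token time-out."""
    return abs(epoch_a - epoch_b) < token_timeout_s

def base_url_problems(url):
    """List the ways a Workplace Base URL breaks the host-name rule."""
    host = urlsplit(url).hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return ["no host name"]
    if host == "localhost" or host.endswith(".localhost"):
        return ["host is localhost"]
    try:
        ipaddress.ip_address(host)
        return ["host is an IP address"]
    except ValueError:
        pass  # not an IP literal, so check host-name syntax next
    return [] if _HOSTNAME.fullmatch(host) else ["host name is not valid"]

if __name__ == "__main__":
    # Constructed sample URLs; only the first satisfies the rule.
    for u in ("http://myserver:7001/Workplace", "http://localhost:7001/Workplace",
              "http://10.0.0.5:7001/Workplace", "http://[::1]:7001/Workplace"):
        print(u, base_url_problems(u) or "ok")
```

Pass key_files_match the two servers' copies of the key file as retrieved over a secure link, and pass clock_skew_ok each server's current epoch time together with the token time-out configured for your site.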