You can use SSL to encrypt the communication between Process
Task Manager and Case Analyzer.
Case Analyzer is part of Content Platform Engine and is deployed
on the same JVM. To enable encryption of the communication between
Case Analyzer and Process Task Manager, you can generate a new certificate
for Case Analyzer. Alternatively, you can have Case Analyzer use the
existing SSL certificate that Content Platform Engine uses. Whether
your certificate is new or existing, you need to export it. The certificate
for Case Analyzer can be self-signed or it can be imported as a third-party
certificate from a certification authority (CA). You do not need to
generate both types of certificates.
To configure SSL for Process Task Manager and Case Analyzer:
- If you want Case Analyzer to use the existing certificate
that Content Platform Engine uses,
skip this step. If you want to generate a new certificate for Case
Analyzer on the Content Platform Engine server,
complete this step, depending on your application server type:
- Export the new or existing certificate from the Content Platform Engine server by completing
the following substeps, depending on your application server type:
- WebSphere Application
Server
- On the Content Platform Engine server,
log on to the WebSphere administrative
console.
- Navigate to .
- Navigate to the signer certificates page, depending on your WebSphere edition or environment:
Table 2. Navigation to the signer certificates
pageEdition or environment |
Navigation |
Base or stand-alone |
|
Network Deployment |
|
- Select either the existing
certificate or the new certificate that you generated on the Content Platform Engine server and click Extract.
- In the File Name field, type the file name
and path to the new or existing certificate that you are exporting
(for example, /opt/IBM/cpeKeystore/CPESelfSignedCert.p12 or /opt/IBM/cpeKeystore/CPE3rdPartyCert.p12).
- In the Data Type field, select Base64-encoded
ASCII data.
- Click OK to create and save your certificate
file.
- WebLogic Server
- Complete the steps in one of the following topics, depending on
the type of certificate you want to export:
- JBoss Application Server
- Complete the steps in one of the following topics, depending on
the type of certificate you want to export:
- Import the exported certificate into a Java trust keystore
that Process Task Manager can use. The keystore can be the default
one that the JDK for Process Task Manager uses; or you can create
a new keystore. To create a new keystore, issue the keytool command
on the Content Platform Engine server,
where the captm tool runs. captm is
the tool for starting Process Task Manager for Case Analyzer and runs
as a stand-alone Java client. For example, to create a
new keystore for a self-signed certificate, issue the following command
(with a carriage return only at the end of the command line):
keytool -genkey -alias CAPTM
-keypass changeit -keystore CAPTMselfsignedServerStore.jks
-storepass changeit -validity 3650
-dname "CN=Host1,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"
- Create a new truststore by issuing the JDK keytool command
to import the Content Platform Engine certificate
that you saved in step 2d. For example, to create a new truststore
for a self-signed certificate, issue the following command (with a
carriage return only at the end of the command line):
keytool -import -file "CPESelfSignedCert.p12" -alias CPE
-keystore CAPTMselfsignedServerStore.jks -storepass changeit
- Complete the following substeps to determine the JRE that
Process Task Manager for Case Analyzer uses and to add two JVM arguments
to your captm.bat (Windows) or captm.sh (non-Windows)
file:
- Open the captm.bat (Windows) or captm.sh (non-Windows)
file in a text editor.
- Add the JVM -djavax.net.ssl.trustStore and -Javax.net.ssl.trustStorePassword arguments
to the file as in the following example:
$JAVA_HOME/bin/java -cp
/opt/IBM/FileNet/ContentEngine/lib/catoolsResources.jar:
/opt/IBM/FileNet/ContentEngine/lib/catools.jar:
/opt/IBM/FileNet/ContentEngine/lib/pe.jar:
/opt/IBM/FileNet/ContentEngine/lib/peresources.jar:
/opt/IBM/FileNet/ContentEngine/lib/petools.jar:
/opt/IBM/FileNet/ContentEngine/lib/pe3pt.jar:
/opt/IBM/FileNet/ContentEngine/lib/Jace.jar
-Djavax.net.ssl.trustStore= path_to_your_keystore_file
-Djavax.net.ssl.trustStorePassword= password_of_your_keystore
-DJPEINSTALL_DIR=$JPEINSTALL_DIR -DJPEDATA_DIR=$JPEDATA_DIR
-Djava.security.auth.login.config=$JPEINSTALL_DIR/config/jaas.conf.WSI
-Dfilenet.wcmapiconfig=$JPEINSTALL_DIR/config/WcmApiConfig.properties
-DTaskManager.Properties=$JPEINSTALL_DIR/taskman.properties
-Dcom.sun.management.jmxremote
-DPELogLevel=TRACE filenet.vw.apps.taskman.VWTaskApplication $1 $2 $3 $4