Configure SPML Client Computer to Support SSL Security

The SPML Web Service requires that Secure Sockets Layer (SSL) be enabled. The SPML clients (the CMDRA, SPML Manager, and SPML Feed) must trust the SSL server certificate to communicate with the server.

Note: Third-party requesting authorities need to support SSL to communicate with the SPML Web Service.

To configure the SPML client computer to use SSL security, perform the following steps:

  1. Install the SSL certificate to the user's trusted keystore on the computer where the Requesting Authority runs. (By default, the SSL certificate will be added to the .spmlkeystore file in the user's home directory, as determined by the %HOMEPATH% system property.)
    1. In a web browser, open the following URL:
      	https://spmlserver.yourcompany.com:8443 
      
    2. Double-click the SSL certificate icon at the bottom right corner of the web browser to view the certificate.
    3. In the Certificate Viewer window, select the Details tab and click Copy to File.
    4. Save the server certificate.
    5. Run the following command:
      <drive>:\<JRE-File-Path>\bin\keytool -import -file <Certificate-File-Path> -keystore "%HOMEDRIVE%%HOMEPATH%\.spmlkeystore" -storepass changeit -noprompt 
      

    This command creates a new keystore called .spmlkeystore, located in the user's home directory (as determined by "%HOMEDRIVE%%HOMEPATH%"). The batch files that launch the RA clients (SPMLManager, Command Line RA, and SPML Feed) read this file to allow SSL communication.

    Note: By default, the batch files use the truststore path and password defined by the keytool command described in step 1e. To use a different path and password, modify the variables set in the batch files for each client accordingly. For example:

    set TRUSTSTORE=%HOMEDRIVE%%HOMEPATH%\.spmlkeystore
    
    set TRUSTSTORE_PASSWORD=changeit
    
  2. Test the SPML Service with the Command Line RA:
    1. Open the login.properties file in the Command Line RA directory and make sure that the HTTPS version of the Server URL is used and that the user logon details are correct.
    2. Open the command line prompt.
    3. From the Command Line RA directory, type:
      	RA.bat sampleXML\schemaRequest.xml
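
The keytool import in step 1 runs with -noprompt, so keytool does not display the certificate or ask for confirmation before trusting it. The following PowerShell script is an added example, not part of the product documentation: it compares the SHA-256 fingerprint of the saved certificate file with a value obtained out of band, and runs the import only if they match. The parameter names and the `spmlserver` alias are assumptions.

```powershell
# Added example, not from the product documentation. Assumed names: the
# parameters below and the 'spmlserver' alias. $ExpectedSha256 is the
# fingerprint obtained out of band from the SPML server administrator.
param(
    [Parameter(Mandatory = $true)][string]$CertificateFile,  # file saved in step 1
    [Parameter(Mandatory = $true)][string]$ExpectedSha256,
    [Parameter(Mandatory = $true)][string]$Keytool,          # <drive>:\<JRE-File-Path>\bin\keytool.exe
    [string]$Alias = 'spmlserver',
    [string]$StorePass = 'changeit'
)
$ErrorActionPreference = 'Stop'

# X509Certificate2 reads both the DER and the Base-64 export formats.
$certPath = (Resolve-Path $CertificateFile).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath

# The certificate fingerprint is the SHA-256 hash of its DER encoding.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = -join ($sha256.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

if ($expected.Length -ne 64) { throw 'ExpectedSha256 must contain 64 hex digits.' }
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for '$($cert.Subject)': file has $actual. Nothing imported."
}

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Same import as in step 1, plus an explicit alias so the entry can be listed later.
$keystore = Join-Path "$env:HOMEDRIVE$env:HOMEPATH" '.spmlkeystore'
& $Keytool -import -alias $Alias -file $certPath -keystore $keystore -storepass $StorePass -noprompt
if ($LASTEXITCODE -ne 0) { throw "keytool -import failed with exit code $LASTEXITCODE." }

# Show what the truststore now holds for that alias.
& $Keytool -list -v -alias $Alias -keystore $keystore -storepass $StorePass
```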