Configuring and Administering CA XCOM Gateway › Configure CA XCOM Gateway › Configure SSL Communication › Communication Between the CA XCOM Gateway Server and the CA XCOM Interface Server

Communication Between the CA XCOM Gateway Server and the CA XCOM Interface Server

The CA XCOM Gateway server uses web services to communicate with the CA XCOM Interface Server and can be configured to use the secure https protocol for this communication.

To enable the use of the https protocol for communication with the CA XCOM Interface Server

1. Configure JBoss to support SSL.

   Internally, JBoss uses Apache Tomcat Server, which handles SSL communication through the https protocol. Enabling support for SSL by the Tomcat server requires the following:

   • Installation of an X509 certificate within a keystore
   • Revision of the Tomcat configuration to turn on SSL, referencing the related keystore and certificate

   Detailed information can be found on the http://tomcat.apache.org website and by searching the internet using the keywords “tomcat SSL configuration.”

2. Configure the CA XCOM Interface Server to use SSL.

   After installation of CA XCOM Gateway, the https protocol can be configured by updating the Global Parameters offline, to change the INTERFACEURL attribute within the WEBSERVICES xml element, so that it specifies the https protocol with the appropriate port number.

3. Next, the certificate created and stored in the JBoss SSL keystore needs to be imported into the CA XCOM Gateway keystore. To find and import the necessary certificate, execute the following commands against the JBoss keystore (keystore passwords will be needed):

   Note: Replace the “<…>” in these examples with the actual values.

   1. To list the certificates in the JBoss keystore, execute the following command:

      "%JAVA_HOME%\\bin\\keytool.exe" -list -keystore <jboss keystore file>
      

      Example output:

      Your keystore contains 1 entries
      

      authoritycertificate, May 19, 2010, trustedCertEntry,
      

      Certificate fingerprint (MD5):
      5B:68:BE:49:4B:56:F5:74:84:EB:C2:C4:BD:D7:05:61
      

   2. To export the trustedcertentry from the JBoss keystore, execute the following command:

      "%JAVA_HOME%\\bin\\keytool.exe" -export -alias authoritycertificate  -file cert.cer -keystore <jboss keystore file>
      

   3. To import the cert into the CA XCOM Gateway keystore, execute the following command (and reply yes to trusting certificates):

      "%JAVA_HOME%\\bin\\keytool.exe" -import -alias authoritycertificate -file cert.cer -keystore <gateway keystore file>