Communication Between the CA XCOM Management Center Server and the CA XCOM Interface Server

The CA XCOM Management Center server uses web services to communicate with the CA XCOM Interface Server and can be configured to use the secure https protocol for this communication.

To enable the use of the https protocol for communication with the CA XCOM Interface Server

  1. Configure JBoss to support SSL.

    Internally, JBoss uses Apache Tomcat Server, which handles SSL communication through the https protocol. Enabling support for SSL by the Tomcat server requires the following:

    Detailed information can be found on the http://tomcat.apache.org website and by searching the internet using the keywords “tomcat SSL configuration.”

  2. Configure the CA XCOM Interface Server to use SSL.

    After CA XCOM Management Center is installed, the https protocol can be configured by updating the Global Parameters offline: change the INTERFACEURL attribute within the WEBSERVICES XML element so that it specifies the https protocol with the appropriate port number.

  3. Using the keytool utility on the CA XCOM Management Center machine, create a new truststore to be used by CA XCOM Management Center and import into it a copy of the JBoss SSL certificate created in step 1. To find and import the necessary certificate, execute the following commands against the JBoss keystore (the keystore passwords will be needed):

    Note: Replace the “<…>” in these examples with the actual values.

    1. To list the certificates in the JBoss keystore on the Interface Server machine, execute the following command:
      "%JAVA_HOME%\bin\keytool.exe" -list -keystore <jboss keystore file>
      

    Example output:

    Your keystore contains 1 entries
    
    authoritycertificate, May 19, 2010, trustedCertEntry,
    
    Certificate fingerprint (MD5):
    5B:68:BE:49:4B:56:F5:74:84:EB:C2:C4:BD:D7:05:61
    
    2. To export the trustedCertEntry from the JBoss keystore on the Interface Server machine, execute the following command:
      "%JAVA_HOME%\bin\keytool.exe" -export -alias authoritycertificate -file cert.cer -keystore <jboss keystore file>
      
    3. To create a Management Center truststore and import the certificate into it, execute the following command on the Management Center machine (and reply yes when asked whether to trust the certificate):
      "%JAVA_HOME%\bin\keytool.exe" -import -alias authoritycertificate -file cert.cer -keystore <management center truststore file> -storepass <password>
      
  4. On the Management Center machine, set the location of the client truststore using two JVM properties: javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword. To do this, edit the JBoss /server/default/deploy/properties-service.xml file and add the following to the 'jboss:type=Service,name=SystemProperties' MBean:
    <attribute name="Properties">

    javax.net.ssl.trustStore=<full path for the Management Center truststore file>
    javax.net.ssl.trustStorePassword=<Management Center truststore password>

    </attribute>
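
Step 3 copies cert.cer from the Interface Server machine and marks it as trusted on the Management Center machine. As an added example (not part of the CA XCOM documentation), the Python below checks that the copied file still hashes to the fingerprint that `keytool -list` printed before it is imported; the function names are hypothetical and the sample bytes are constructed.

```python
import base64
import hashlib
import hmac
import re

# `keytool -list` prints "Certificate fingerprint (MD5): 5B:68:..." on old JDKs
# and "(SHA1)" or "(SHA-256)" on newer ones; the value may wrap to the next line.
FP_RE = re.compile(r"Certificate fingerprint \(([A-Za-z0-9-]+)\):\s*([0-9A-Fa-f:]+)")
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA-1": "sha1", "SHA-256": "sha256", "SHA256": "sha256"}


def parse_keytool_fingerprint(listing):
    """Return (hashlib name, lowercase hex digest) from keytool -list output."""
    m = FP_RE.search(listing)
    if not m:
        raise ValueError("no fingerprint line found in keytool output")
    label = m.group(1).upper()
    if label not in ALGOS:
        raise ValueError("unsupported fingerprint algorithm: " + label)
    return ALGOS[label], m.group(2).replace(":", "").lower()


def cert_der_bytes(data):
    """Accept DER (keytool -export default) or PEM (-rfc) and return DER."""
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:
        body = data.split(begin, 1)[1].split(end, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    return data


def matches_listing(cert_file_bytes, listing):
    """True only if the copied file hashes to the fingerprint keytool listed."""
    algo, expected = parse_keytool_fingerprint(listing)
    actual = hashlib.new(algo, cert_der_bytes(cert_file_bytes)).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed stand-in for cert.cer: the fingerprint is a hash over the
    # file's DER bytes, so any bytes demonstrate the comparison.
    sample = b"\x30\x82\x01\x0a constructed sample, not a real certificate"
    digest = hashlib.sha256(sample).hexdigest().upper()
    listing = ("authoritycertificate, May 19, 2010, trustedCertEntry,\n"
               "Certificate fingerprint (SHA-256): "
               + ":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    print("untampered copy matches:", matches_listing(sample, listing))
    print("altered copy matches:", matches_listing(sample + b"\x00", listing))
```

Keep the `keytool -list` output from the Interface Server machine and pass it, together with the bytes of the copied cert.cer, to `matches_listing` before running the import command.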