Configure a secure connection

Configure a secure connection (using a protocol such as TLS) on the CSA node for communication from the load balancer node or the Apache load balancer node and between each CSA node in the cluster.

  1. To configure a secure connection between CSA and the load balancer node or the Apache load balancer node:

    1. If you have not already done so, copy the certificate:

      For load balancer: from the load balancer node(load_balancer .crt) to the CSA_HOME/jboss-as/standalone/configuration directory.

      For Apache load balancer: from the Apache load balancer nodeapache_csa.crt) to the CSA_HOME/jboss-as/standalone/configuration directory.

    2. Import the certificate into the JVM on the CSA node using the following command:

      Windows:

      For Load balancer:

      "CSA_JRE_HOME\bin\keytool" -importcert -file CSA_HOME\jboss-as\
      standalone\configuration\load_balancer.crt -alias load_balancer_csa
      -keystore "CSA_JRE_HOME\lib\security\cacerts"

      For Apache load balancer:

      "CSA_JRE_HOME\bin\keytool" -importcert -file CSA_HOME\jboss-as\
      standalone\configuration\apache_csa.crt -alias apache_csa
      -keystore "CSA_JRE_HOME\lib\security\cacerts"

      Linux:

      For Load balancer:

      CSA_JRE_HOME/bin/keytool -importcert -file CSA_HOME/jboss-as/
      standalone/configuration/load_balancer.crt -alias load_balancer_csa
      -keystore CSA_JRE_HOME/lib/security/cacerts

      For Apache load balancer:

      CSA_JRE_HOME/bin/keytool -importcert -file CSA_HOME/jboss-as/
      standalone/configuration/apache_csa.crt -alias apache_csa
      -keystore CSA_JRE_HOME/lib/security/cacerts

      where <CSA_JRE_HOME> is the directory in which the JRE that is used by CSA is installed..

  2. Copy and import the certificate of each CSA node to every other CSA node in the cluster:

    1. Copy the certificate of each CSA node to every other CSA node in the cluster. The certificate file on each CSA node is CSA_HOME/jboss-as/standalone/configuration/jboss.crt.

      For example, copy the certificates from csa_node2 and csa_node3 to csa_node1 to the directory C:\CSA-Certificates on Windows or /tmp/CSA-Certificates. Rename the certificate files with unique names, such as jboss-csa_node2.crt and jboss-csa_node3.crt.

    2. Import each certificate into the JVM of that CSA node.

      For example, on csa_node1, run the following commands:

      Windows:

      "CSA_JRE_HOME\bin\keytool" -importcert -file C:\CSA-Certificates\jboss-csa_node2.crt -alias csa_node2 -keystore "CSA_JRE_HOME\lib\security\cacerts"

      "CSA_JRE_HOME\bin\keytool" -importcert -file C:\CSA-Certificates\jboss-csa_node3.crt -alias csa_node3 -keystore "CSA_JRE_HOME\lib\security\cacerts"

      Linux:

      CSA_JRE_HOME/bin/keytool -importcert -file /tmp/CSA-Certificates/jboss-csa_node2.crt -alias csa_node2 -keystore CSA_JRE_HOME/lib/security/cacerts

      CSA_JRE_HOME/bin/keytool -importcert -file /tmp/CSA-Certificates/jboss-csa_node3.crt -alias csa_node3 -keystore CSA_JRE_HOME/lib/security/cacerts