Requirements for required SSL encryption

This configuration is intended for customers who:

  • Want to require SSL encryption for all connections
  • Want to protect against complex SSL-related attacks
  • Want to authenticate that the Service Manager server is a valid host
Certificates required
You must create or obtain the following certificates for SSL encryption.
  • Certificate authority certificate
  • Keystore containing the certificate authority's certificate
  • Service Manager server certificate
Private keys required
You must create or obtain the following private keys for SSL encryption.
  • Certificate authority's private key *
  • Service Manager server private key
* This key is only necessary if you are managing your own private certificate authority.
Parameters required in the server configuration file (sm.ini)
  • keystoreFile – identify the keystore file containing the Service Manager server's certificate and private key
  • keystorePass – identify the password to the keystore file containing the Service Manager server's certificate and private key
  • ssl:1
  • sslConnector:1
  • truststoreFile – identify the keystore file containing the certificate authority's certificate
  • truststorePass – identify the password to the keystore file containing the certificate authority's certificate
Parameters required in the web tier configuration file (web.xml)
You must set the following web parameter.
  • cacerts – identify the keystore file containing the certificate authority that signed the server's certificate
Windows client preferences required
You must set the following preference from the Window > Preferences > Service Manager > Security menu.
  • CA certificates file – identify the keystore file containing the certificate authority that signed the server's certificate
Other requirements
You must complete the following additional steps to ensure that Service Manager can use your private certificates.
  • Add your private certificate authority's certificate to a keystore that your web and Windows clients can access
  • Ensure that the Service Manager server's host name matches the common name (CN) listed in the server's signed certificate
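
The following shell script is an added example, not part of the original documentation. It uses OpenSSL to check that a server certificate is in date, verifies against the certificate authority's certificate, and carries a CN equal to the server's host name. It assumes PEM copies of the certificates; the file names, the host name sm.example.com, and the throwaway demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a Service Manager server certificate before deployment.
# Assumes PEM copies of the certificates; all file names are hypothetical.

# Print the common name (CN) from a certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_server_cert <server.pem> <ca.pem> <host name>
# Returns 0 if all checks pass, 1 expired, 2 not signed by the CA, 3 CN mismatch.
check_server_cert() {
    cert=$1 ca=$2 host=$3
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert has expired or cannot be read"; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against the CA in $ca"; return 2; }
    # Host names are case-insensitive, so compare in lower case.
    cn=$(cert_cn "$cert" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    [ "$cn" = "$want" ] ||
        { echo "FAIL: CN '$cn' does not match host name '$want'"; return 3; }
    echo "OK: $cert is in date, verifies against the CA, CN matches $host"
}

# Constructed sample input: a throwaway CA and a server certificate for
# sm.example.com, written to directory $1.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sm.example.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Demo on the constructed certificates: one matching host name, one mismatch.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
check_server_cert "$demo_dir/server.pem" "$demo_dir/ca.pem" sm.example.com
check_server_cert "$demo_dir/server.pem" "$demo_dir/ca.pem" smserver.example.com || true
rm -rf "$demo_dir"
```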

Related topics

Example: Generating a server certificate with OpenSSL
Example: Enabling required SSL encryption
Example: Viewing the contents of a cacerts file

Requirements for required SSL encryption and client authentication
Requirements for required SSL encryption and trusted clients
Requirements for trusted sign-on