Documentum xCP 2.3 SSL Connection

Hi All,

We want to configure SSL with certificate in Documentum xCP Application. We are using tomcat.

In deployment guide, we configured the tomcat part without any error. It works charm. Only the viewer have problem to show the document.

In deployment guide, there is a part about viewer and we also updated dm_server_config https url.

We need to configure jboss to ssl connection in 9082. Our 9082 is ok.

Then we login the DA for checking method server and documentum CTS.

Mehod server seems good but in CTS part,We do not see any old CTS instance in the list.

it says http_w_connection_error : unable to create socket 9082.

Can we need to secure all method server, content server, docbroker and CTS ?

Is there a best practice guide for ssl configuration for all modules?

Thanks for the help,

Find more posts tagged with

Documentum

BPM

Note:

If there are Accepted Answers, those will be shown by default. You can switch to 'All Replies' by selecting the tab below.

Accepted answers

Haroon_A

Isn't the viewer using ACS as opposed to JMS? Can you confirm that?

If so, then you need to update the url in your dm_acs_config. and the connector section in your method server, which it seems that you have done so.

All comments

KamranBhatti

Hi Ibrahim,

With respect to CTS below are the instructions on how to configure CTS for SSL :

Configuring CTS Server to run in SSL Mode:

CTS Server and CTS Web Services can be configured to run in SSL mode (that is, https instead of http).

This is enabled at the application server level, where each application server has their own procedure to make it handle https. However, CTS must be updated to accept the new SSL port.

For any real time requests, the CTS Webservice server communicates to the CTS Server through http. CTS server bundles the Jetty application server with it. To configure this communication in SSL (https) mode, the following procedures have been provided.

To configure CTS WebServer to run in SSL mode, consult publicly available reference material, for example, http://i-proving.ca/space/Technologies/JBoss/Configuring+JBoss+SSL or http://it.amid.com/2009/01/27/ssl-from-java-client/.

To configure CTS Server to run in SSL mode:

1. Jetty's status can be verified as follows:

Start the CTS server.
Run the following query against the repository to get the Jetty running URL:

Select websrv_url, hostname from cts_instance_info

Try the attribute value of websrv_url from a browser to see if it is running.

2. Configure Jetty to run in SSL mode.

The following site may be helpful: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

The Jetty config file can be found on the CTS server under \CTS\Jetty\.
To verify the new SSL URL, run the following URL from the CTS server browser:

http://<localhost>:<ssl_port>/cts/

If the URL is successful, update the cts_instance_info object in the repository to set the new URL to websrv_url attribute by running the following query:

DQL> Update cts_instance_info object set websrv_url=<new_ssl_url> where hostname=<ctsserver_hostname_here>

Restart the CTS server.
Restart CTS Webserver service.

Thanks,
Kamran.

Haroon_A

Isn't the viewer using ACS as opposed to JMS? Can you confirm that?

If so, then you need to update the url in your dm_acs_config. and the connector section in your method server, which it seems that you have done so.

ibrahim.bicinciler

Hi Kamran,

Thanks for your reply. I applied these steps but no luck. It gave same error.

When i tried to run start.jar in jetty standalone, port is available but with cts service starting. My secure url is not running.

I am little confused about am i really need to secure CTS.

ibrahim.bicinciler

Hello Ahmad,

I check my acs url. It looks fine and it has secure link below.

https://test:9082/ACS/servlet/ACS

How can i check connection section of my method server?

Is that in dm_jms_config?

ibrahim.bicinciler

I solved this issue by changing the acs connection protocol in da. My acs link is correct but the protocol is http.

When i changed https, it works like a charm.