Documentum xCP 2.3 SSL Connection

ibrahim.bicinciler
edited April 21, 2017 in Documentum #1

Hi All,

We want to configure SSL with certificate in Documentum xCP Application. We are using tomcat.

In deployment guide, we configured the tomcat part without any error. It works charm. Only the viewer have problem to show the document.

In deployment guide,  there is a part about viewer and we also updated dm_server_config https url.

We need to configure jboss to ssl connection in 9082. Our 9082 is ok.


Then we login the DA for checking method server and documentum CTS.

Mehod server seems good but in CTS part,We do not see any old CTS instance in the list.

it says http_w_connection_error : unable to create socket 9082.

Can we need to secure all method server, content server, docbroker and CTS ?

Is there a best practice guide for ssl configuration for all modules?

Thanks for the help,

Tagged:

Best Answer

  • Haroon_A
    edited April 21, 2017 #2 Answer ✓

    Isn't the viewer using ACS as opposed to JMS? Can you confirm that?

    If so, then you need to update the url in your dm_acs_config. and the connector section in your method server, which it seems that you have done so.

Answers

  • KamranBhatti
    edited April 21, 2017 #3

    Hi Ibrahim,

    With respect to CTS below are the instructions on how to configure CTS for SSL :

    Configuring CTS Server to run in SSL Mode:

    CTS Server and CTS Web Services can be configured to run in SSL mode (that is, https instead of http).

    This is enabled at the application server level, where each application server has their own procedure to make it handle https. However, CTS must be updated to accept the new SSL port.

    For any real time requests, the CTS Webservice server communicates to the CTS Server through http. CTS server bundles the Jetty application server with it. To configure this communication in SSL (https) mode, the following procedures have been provided.

    To configure CTS WebServer to run in SSL mode, consult publicly available reference material, for example, http://i-proving.ca/space/Technologies/JBoss/Configuring+JBoss+SSL or http://it.amid.com/2009/01/27/ssl-from-java-client/.

    To configure CTS Server to run in SSL mode:

    1. Jetty's status can be verified as follows:

    1. Start the CTS server.
    2. Run the following query against the repository to get the Jetty running URL:

    Select websrv_url, hostname from cts_instance_info

    1. Try the attribute value of websrv_url from a browser to see if it is running.

    2. Configure Jetty to run in SSL mode.

    The following site may be helpful: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

    1. The Jetty config file can be found on the CTS server under \CTS\Jetty\.
    2. To verify the new SSL URL, run the following URL from the CTS server browser:

    http://<localhost>:<ssl_port>/cts/

    1. If the URL is successful, update the cts_instance_info object in the repository to set the new URL to websrv_url attribute by running the following query:

    DQL> Update cts_instance_info object set websrv_url=<new_ssl_url> where hostname=<ctsserver_hostname_here>

    1. Restart the CTS server.
    2. Restart CTS Webserver service.

    Thanks,
    Kamran.

  • Haroon_A
    edited April 21, 2017 #4 Answer ✓

    Isn't the viewer using ACS as opposed to JMS? Can you confirm that?

    If so, then you need to update the url in your dm_acs_config. and the connector section in your method server, which it seems that you have done so.

  • ibrahim.bicinciler
    edited April 21, 2017 #5

    Hi Kamran,

    Thanks for your reply. I applied these steps but no luck. It gave same error.

    When i tried to run start.jar in jetty  standalone, port is available but with cts service starting. My secure url is not running.

    I am little confused about am i really need to secure CTS.

  • ibrahim.bicinciler
    edited April 21, 2017 #6

    Hello Ahmad,

    I check my acs url. It looks fine and it has secure link below.

    https://test:9082/ACS/servlet/ACS

    How can i check connection section of my method server?

    Is that in dm_jms_config?

  • ibrahim.bicinciler
    edited April 21, 2017 #7

    I solved this issue by changing the acs connection protocol in da. My acs link is correct but the protocol is http.

    When i changed https, it works like a charm.