Enable SSL Communication Between Components

camm37
The TLS 1.0 had some known cryptographic design flaws. With this release, we enhanced the remote service to accept connections using TLS 1.2 encryption.
Use the validateSSL.sh script in 
CAMM_Home/tools
 directory to enable SSL communication between CA Mediation Manager components. You can either use the Signed Certificate and Key issues by Certificate Authority (CA) or external Keystore with CA Signed certificate, to initialize the SSL communications between the CA Mediation Manager components. When you select any option to enable SSL, the CA Mediation Manager stops the connected components. Perform the following steps on both MultiController and LocalController. You must restart the components manually for the change to take effect.
Follow these steps:
  1. Run the 
    validateSSL.sh
     script from the 
    <CAMM_Home>/tools
     directory. The script prompts you to select the certificate.
    Please select any one from the below options: 1. Do you have an existing signed certificate and key? 2. You have a Keystore file and want to validate the keystore?
  2. Select the option that suits your certificate validation.
  3. At the prompt, specify the location and filename of the keystore.
    Specify the location and filename of the Keystore:
    For Example:
     /opt/SSLs/myserver.keystore
  4. Specify the keystore and SSL certificate password when prompted.
    Please enter the Password for Keystore Please enter the Password for SSL Certificate>
    The script validates the keystore and displays the certificate information.
  5. (Optional) Run the following command to validate the password encryption.
    cat ../GE_root/Keystore_Details.xml
    The script displays the encrypted Keystore details.
  6. From the MultiController or LocalControlle, start the controller using the 
    ./startall
     command.
  7. Navigate to the log directory on your MultiController or LocalController, to view the status.
  8. Use the 
    cat <Log_Filename>.log
     command to view status.
  9. In the log file look for the following status.
    INFO: Initializing SSLContext with config file/opt/CA/CAMM/tools/myserver.keystore
    All further communication between the CA Mediation Manager components use the new SSL encryption.