Macromedia live cycle 7.2 매뉴얼
65
10
Configuring SSL on JBoss
This chapter describes how to create SSL credentials and configure SSL on the application server to
enhance the security of communication with your application server.
enhance the security of communication with your application server.
Note:
It is recommended that you complete the installation, configuration, and deployment of the
LiveCycle products and ensure that the products are running correctly before configuring SSL on
the application server.
LiveCycle products and ensure that the products are running correctly before configuring SSL on
the application server.
It is important to ensure that the security settings configured on the application server and in the
LiveCycle.ear file are consistent. If you have not already enabled SSL in the Data Manager Module
(assembled as part of the LiveCycle.ear file), run Configuration Manager to reconfigure and reassemble the
product with SSL enabled. The SSL password that you specify in Configuration Manager must match the
password that you provide when configuring SSL on the application server. (See
LiveCycle.ear file are consistent. If you have not already enabled SSL in the Data Manager Module
(assembled as part of the LiveCycle.ear file), run Configuration Manager to reconfigure and reassemble the
product with SSL enabled. The SSL password that you specify in Configuration Manager must match the
password that you provide when configuring SSL on the application server. (See
To configure SSL on JBoss, you must first create a credential using the Java keytool. You can then enable
SSL on the application server by editing the jacorb.properties file in the [appserver root]/server/all/conf
directory. Then you must edit the jboss-service file in the [appserver root]/server/all/conf directory.
SSL on the application server by editing the jacorb.properties file in the [appserver root]/server/all/conf
directory. Then you must edit the jboss-service file in the [appserver root]/server/all/conf directory.
Also note that keytool is typically located in your Java jre/bin directory. For information about using
keytool, see the keytool.html file that is part of your JDK documentation.
keytool, see the keytool.html file that is part of your JDK documentation.
Note:
The password you type as the keystore password must correspond with the PassPhrase specified in
the Data Manager Module. By default, this password is bedrock. You should change this password
when you configure the Data Manager Module, but ensure that the password you enter in this step
matches that password.
the Data Manager Module. By default, this password is bedrock. You should change this password
when you configure the Data Manager Module, but ensure that the password you enter in this step
matches that password.
The value for validity, 3650, is an example. This value indicates 10 years (in days). You can set this
value to the number of days appropriate to your use.
value to the number of days appropriate to your use.
If the application server is configured to communicate with other application servers, you must add the
server’s certificates to the set of trusted certificates. This enables the server to confirm that it has reached
the expected server when, for example, you make a policy call.
server’s certificates to the set of trusted certificates. This enables the server to confirm that it has reached
the expected server when, for example, you make a policy call.
You must edit the jboss-service.xml file located in the [appserver root]/server/all/conf directory to ensure
that data transmitted between LiveCycle Policy Server and its clients is encrypted. Additionally, this
configuration allows the API to confirm the identity of the server with which it is communicating.
that data transmitted between LiveCycle Policy Server and its clients is encrypted. Additionally, this
configuration allows the API to confirm the identity of the server with which it is communicating.