Skip to main content

Configuring SSL to access Remote Servers

There are multiple use cases of using SSL to access remote server:

  • Configuring HTTPS for Remote Metadata Harvesting Agents (Remote MIMM Server)
  • Configuring SSL for Harvesting Metadata with API based bridges (e.g. a database server via JDBC)
  • Configuring SSL for Repository Storage (database server via JDBC)
  • Configuring LDAPS for Enterprise Directory

In all above uses cases, no extra setup is needed when using an official certificate signed by a Certificate Authority (CA), as using the https based URL is enough.

However, when using a self signed certificate, then such a certificate needs to be explicitly imported in the java environment of your server. The recommended method to import such a certificate is using the -certificate options of the Setup utility as explained in Server Installation and Configuration.
[{ -ch | --certificate-host }] Certificate: the host name to retrieve the certificate for
[{ -cp | --certificate-port }] Certificate: the port number to connect to
For example:
$MM_HOME/Setup.sh -ch MyServer.MyDomain.com -cp 443
If the above method fails, you may manually import the certificate into the java environment keystore as follows:
cd $MM_HOME/jre/lib/security
mv jssecacerts jssecacerts.old
$MM_HOME/bin/keytool -importkeystore -srckeystore YourSelfSignedCertificate -keystore jssecacerts
$MM_HOME/RestartServerApplication.sh (or RestartServerService.bat on Windows)
Note that the above import steps have to be repeated for the self signed certificate of every remote servers.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!