Security Certificates for Cluster and Split Environments
To support HTTPS, certificates must be added to each system in your environment. To use self-signed certificates, follow the instructions for your environment setup: cluster environment, or split environment.
Cluster Environment
A cluster environment includes three or more systems: a Publisher and two or more Viewers. For this procedure, these systems are referred to as Publisher, Viewer1, and Viewer2, respectively.
1. On each system, navigate to the following directory: sw/System/WildFly/standalone/configuration
2. Locate the certificate file for the system.
The certificate file is named machineFullName.crt, where machineFullName is the fully qualified domain name for the system. For example, if the fully qualified domain name for the system is Publisher.mycompany.com, then the certificate file is named Publisher.mycompany.com.crt.
3. Copy the certificate file from each system, and paste it into the same directory location on each of the other systems:
◦ Copy the Publisher certificate to Viewer1 and Viewer2
◦ Copy the Viewer1 certificate to Publisher and Viewer2
◦ Copy the Viewer2 certificate to Publisher and Viewer1
4. On each system, navigate to the sw directory, and import the certificates from the other systems by executing the following commands:
◦ On Publisher:
▪ Windows:
▪ importCertificate.bat Viewer1.mycompany.com
▪ importCertificate.bat Viewer2.mycompany.com
▪ Linux:
▪ ./importCertificate.sh Viewer1.mycompany.com
▪ ./importCertificate.sh Viewer2.mycompany.com
◦ On Viewer1:
Note: Run these commands on Viewer1 only after rsync has been completed to create Viewer2.
▪ Windows:
▪ importCertificate.bat Publisher.mycompany.com
▪ importCertificate.bat Viewer2.mycompany.com
▪ Linux:
▪ ./importCertificate.sh Publisher.mycompany.com
▪ ./importCertificate.sh Viewer2.mycompany.com
◦ On Viewer2:
▪ Windows:
▪ importCertificate.bat Viewer1.mycompany.com
▪ importCertificate.bat Publisher.mycompany.com
▪ Linux:
▪ ./importCertificate.sh Viewer1.mycompany.com
▪ ./importCertificate.sh Publisher.mycompany.com
5. If certificates have been imported on Viewer1 before rsync completed to create Viewer2, complete the following steps on Viewer2:
Note: This step only needs to be executed if the importCertificate commands in step 4 were run on Viewer1 before rsync completed.
a. Delete the sw/System/WildFly/standalone/configuration/ins.keystore file from Viewer2.
b. On Viewer2, manually run the createKeyStore command:
▪ For Windows systems: createKeyStore.bat Viewer2.mycompany.com
▪ For Linux systems: ./createKeyStore.sh Viewer2.mycompany.com
Split Environment
A split environment includes two systems, a Publisher and a Viewer. For this procedure, these systems are referred to as Publisher and Viewer, respectively.
1. On each system, navigate to the following directory: sw/System/WildFly/standalone/configuration
2. Locate the certificate file for the system.
The certificate file is named machineFullName.crt, where machineFullName is the fully qualified domain name for the system. For example, if the fully qualified domain name for the system is Publisher.mycompany.com, then the certificate file is named Publisher.mycompany.com.crt.
3. Copy the certificate file from each system, and paste it into the same directory location on the other system.
◦ Copy the Publisher certificate to Viewer
◦ Copy the Viewer certificate to Publisher
4. On each system, navigate to the sw directory, and import the certificates from the other system by executing the following commands:
◦ On Publisher:
▪ Windows:
▪ importCertificate.bat Viewer.mycompany.com
▪ Linux:
▪ ./importCertificate.sh Viewer.mycompany.com
◦ On Viewer:
▪ Windows:
▪ importCertificate.bat Publisher.mycompany.com
▪ Linux:
▪ ./importCertificate.sh Publisher.mycompany.com
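Importing a self-signed certificate makes the local system trust it, so in either procedure above it is worth confirming, between step 3 and step 4, that each copied .crt file is identical to the one on the system it came from. The following script is an added example, not part of the product's tooling: the function names, the script name check_peers.sh and the peers.txt manifest are assumptions, and it compares file bytes only, without parsing the certificate.

```shell
#!/bin/sh
# Added example (not vendor code): confirm copied peer certificates are
# byte-identical to the originals before running importCertificate.
# Assumption: conf_dir is sw/System/WildFly/standalone/configuration.

# Print the SHA-256 hex digest of a file.
cert_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Run on the source system: print "FQDN DIGEST" for its own certificate.
manifest_line() {
    conf_dir=$1; fqdn=$2
    if [ ! -f "$conf_dir/$fqdn.crt" ]; then
        echo "missing: $conf_dir/$fqdn.crt" >&2
        return 1
    fi
    printf '%s %s\n' "$fqdn" "$(cert_digest "$conf_dir/$fqdn.crt")"
}

# Run on the destination system: return 0 only if every peer in the
# manifest is present in conf_dir with the digest recorded at the source.
verify_peers() {
    conf_dir=$1; manifest=$2; rc=0
    while read -r fqdn expected; do
        [ -n "$fqdn" ] || continue
        crt="$conf_dir/$fqdn.crt"
        if [ ! -f "$crt" ]; then
            echo "FAIL $fqdn: certificate not copied" >&2; rc=1
        elif [ "$(cert_digest "$crt")" != "$expected" ]; then
            echo "FAIL $fqdn: differs from source system" >&2; rc=1
        else
            echo "OK   $fqdn"
        fi
    done < "$manifest"
    return "$rc"
}

# Demo on constructed files: ./check_peers.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); mkdir "$d/pub" "$d/v1"
    echo "constructed stand-in for a certificate" > "$d/pub/Publisher.mycompany.com.crt"
    manifest_line "$d/pub" Publisher.mycompany.com > "$d/peers.txt"
    cp "$d/pub/Publisher.mycompany.com.crt" "$d/v1/"
    verify_peers "$d/v1" "$d/peers.txt"
    rm -rf "$d"
fi
```

The digests in the manifest should reach the destination system by a different route than the certificate files themselves; otherwise a file altered in transit could arrive with a matching manifest.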