Show Hide

 

Feedback

  • Contents
 

Setting up SSL

The following table lists the possible SSL configurations. The configuration settings for these connections are independent of each other.

browser to web server web server to CIC server

SSL

non-SSL

non-SSL

SSL

non-SSL

non-SSL

SSL

SSL

You can use SSL for the front-end connection from the web browser to the web server or for the back-end connection from the web server to the CIC server. Alternatively, you can use SSL for both the front and back-end connections or for neither.

To use SSL between the web user and the web server

Enable this according to your web server software's instructions. Pay particular attention to these points:

  • In the Interaction Web Tools Configuration Utility, Secure Connection refers to this front-end connection between the web browser and the web server. If web users access Interaction Web Tools using HTTPS, select Secure Connection. If they access it using HTTP, clear the Secure Connection check box.

  • If you changed settings in config.js and deployed examples, recopy C:\inetpub\wwwroot\i3root\js\config.js into each example's js directory.

To use SSL between the web server and the CIC server, if the web server is IIS

  1. In Interaction Administrator, select System Configuration, then select Web Services. Double-click Configuration. Select the Enable HTTPS check box. When using HTTPS, it is usually desirable to clear the Enable HTTP check box.

  2. Ensure that, by means of DNS or the web server's hosts file (C:\windows\system32\drivers\etc\hosts), the web server can refer to the CIC server using the CIC server's host name.

  3. Ensure that you used the CIC server's host name, not its IP address, in the Reverse Proxy configuration.

  4. Find the CA certificate on the CIC Server. It is in D:\I3\IC\Certificates\ServerGroup\ServerGroupCertificate.cer.

    Note:
    If the CIC Server's host name has changed since you generated the certificate, regenerate the certificate before following the remaining steps in this procedure.

  5. Copy ServerGroupCertificate.cer to the web server's file system. Do not place it in a location that is visible on the web.

  6. Import the certificate to the web server.

    1. On the web server, from the Windows Start menu, select Run. In the Run dialog box, type mmc, and click OK.

    2. In the Console window, from the File menu, select Add/Remove Snap-in.

    3. In the Add or Remove Snap-Ins dialog box, from the Available snap-ins list, select Certificates and click Add Certificates and click Add.

    4. In the Certificate snap-in dialog box, select Computer Account and click Next.

    5. In the Select Computer dialog box, select Local computer and click Next.

      In the Certificate snap-in dialog box, click Finish.

    6. In the Add or Remove Snap-Ins dialog box, click OK.

    7. In the Console window, in the left pane, expand Certificates, expand Trusted Root Certification Authorities, and then click the Certificates node that is a child of Trusted Root Certification Authorities.

    8. Right-click this lower Certificates node and select All Tasks, then select Import.

    9. In the Certificate Import Wizard, click Next.

    10. In the File to Import page, browse to the CA certificate on the CIC Server and click Open.

    11. Back in the Certificate Import Wizard, in the File to Import page, click Next.

    12. In the Certificate Store page, click Next.

    13. In the Completing the Certificate Import Wizard page, click Finish.

    14. In the Import was successful dialog box, click OK.

    15. Close the Microsoft Management Console. There is no need to save console settings.

To use SSL between the web server and the CIC server, if the web server is Apache

  1. In Interaction Administrator, select System Configuration, then select Web Services. Double-click Configuration. Select the Enable HTTPS check box. When using HTTPS, it is usually desirable to clear the Enable HTTP check box.

  2. Ensure that, by means of DNS or the web server's hosts file, the web server can refer to the CIC server's host name.

    Tip:
    A Windows hosts file is C:\windows\system32\drivers\etc\hosts. A Unix hosts file is /etc/hosts.

  3. Edit <apache install dir>\conf\httpd.conf:

    • Uncomment the following lines. They are near each other, but not necessarily consecutive:

        LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule ssl_module modules/mod_ssl.so

    • Add the following (if in doubt, add to either the bottom of the file, or within the applicable <VirtualHost> directive):

        ProxyPass /I3Root/Server1/ https://ICServer:3508/
  ProxyPassReverse /I3Root/Server1/ https://ICServer:3508/
  SSLProxyEngine on

  4. If using Switchover, also add ProxyPass and ProxyPassReverse directives mapping /I3Root/Server2 to the other CIC server.

  5. Restart Apache.