As a Web site owner or administrator of Enterprise Server, you ensure secure communication for HTTP (web) traffic using SSL (also called TLS) by creating and configuring an HTTPS listener, as follows:
- Connect to ES Admin, for example by entering http://localhost:86 in your Web browser. Make sure the enterprise server you're going to use, for example ESDEMO, is stopped.
- Go to the listeners page (click Edit > Listeners). Make sure the Process filter is set to All so you can see all the listeners.
- Click Add.
- Enter a name for the listener.
- Change the Endpoint Address to *.443, which is the default for HTTPS. (This is just an example. Your enterprise server may have multiple HTTPS listeners on different ports.)
- Check Secure Sockets Layer.
- Enter the filenames of your server certificate and private key in the Certificate and Keyfile fields. If these are not in the default directories, you also need to supply the paths to these files. For example:
  - ssldir\certs\srvcert.pem (Windows) or ssldir/certs/srvcert.pem (UNIX)
  - ssldir\keys\srvkey.pem (Windows) or ssldir/keys/srvkey.pem (UNIX)
  Where ssldir is the directory where Security Pack is installed, and is by default %ProgramFiles(x86)%\Micro Focus\DemoCA (Windows) or /opt/microfocus/DemoCA/openssl or $COBSSL (if set) (UNIX). To find out the Windows directory, look up the registry key HKEY_LOCAL_MACHINE\Software\Micro Focus\DemoCA\1.0\Setup\DemoCAFolder.
  Note: Once you have specified a certificate and keyfile you can configure the listener to use TLS protocol and cipher suites. See Configuring a Listener to use TLS Protocols and Cipher Suites for more information.
  Note: Enterprise Developer supports DER, CER, PKCS #7, PKCS #8, PKCS #12 and PEM certificate file formats and PKCS #8, PKCS #12 and PEM for key file formats.
- Specify the Supported Conversation Type for this listener, such as the Web Services and J2EE type for secure ESMAC and Web Services conversations. If you do not have a conversation type in mind, then for testing purposes you can create this listener as an "HTTP echo" listener, which provides a simple response to HTTP requests. To do this, select Custom under Supported Conversation Type and enter http-echo in the field alongside. (This is just an example. You may use other conversation types with SSL.)
  Note: Do not use the http-echo conversation type in production. It is intended only for connection testing.
- Click Add. On the listeners page, the new listener now has a padlock symbol to show that it uses SSL.
You can use a similar procedure to configure an existing listener to use SSL. SSL is supported for all conversation types,
not just HTTPS, provided the client also supports SSL.
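
Before entering files in the Certificate and Keyfile fields, it helps to confirm that the private key belongs to the certificate and that the certificate has not expired; once the server is started, the listener can be checked for the same key. The script below is an added example, not part of the product or its documentation. It assumes the openssl command-line tool is on PATH and that both files are PEM with an unencrypted key; the function names check_pair and check_listener are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): checks to run before entering a PEM
# certificate and key in the listener's Certificate and Keyfile fields.
# Assumes the openssl CLI is on PATH and the key is an unencrypted PEM file.

# check_pair CERT KEY
# Returns 0 if the pair is usable, 1 if the key does not belong to the
# certificate, 2 if a file cannot be parsed, 3 if the certificate has expired.
check_pair() {
    cert=$1
    key=$2
    # Extract the public key from each file; both come out as the same PEM text
    # when the private key matches the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 2; }
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi
    # -checkend 0 fails when the certificate's notAfter date has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired" >&2; return 3; }
    # Warn (without failing) if the private key is world-readable.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "warning: $key is world-readable" >&2
    fi
    return 0
}

# check_listener CERT HOST:PORT
# After the server is started, confirm the listener presents the same key.
check_listener() {
    served=$(openssl s_client -connect "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$served" ] && [ "$served" = "$(openssl x509 -in "$1" -noout -pubkey)" ]
}

# Usage: sh check.sh ssldir/certs/srvcert.pem ssldir/keys/srvkey.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

For the example listener on port 443, `check_listener ssldir/certs/srvcert.pem localhost:443` returns success only if the running listener serves the certificate you configured.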