HACloud Session Server comes with some out-of-the-box default configuration settings for ESCWA and MFDS. The settings are available in a HACloud settings file in the product installation.
Micro Focus recommends that you edit this file before you start using HACloud and, at a minimum, change the default passwords in the configuration file. In addition, if ESCWA and MFDS are configured with non-default settings or you want to use an HTTPS connection, secure credentials, and trusted certificates for the server sessions, you need to configure these as well.
The configuration settings file, hacloud.properties, is available in the %ALLUSERSPROFILE%\Micro Focus\Enterprise Developer folder (Windows) or in the etc subfolder in the product installation (UNIX).
You need to review and update the settings as required. To edit the file, start a text editor with administrator (Windows) or root (UNIX) permissions.
The contents of the file on Windows are:
    #logging.level.com.microfocus.zfe.enterprise.ConfigurationServiceEnterprise=INFO
    # HTTP URL on which ESCWA should be contacted
    hacloud.es.escwaurl=http://localhost:10086
    # MFDS host on which to query available 3270 endpoints
    hacloud.es.mfdshost=127.0.0.1
    # MFDS port
    hacloud.es.mfdsport=86
    # Port on which HA Cloud Session Server will accept inbound HTTP requests
    server.port=7443
    # Session Server keystore, holds server certificate
    server.ssl.key-store=../../etc/keystore.bcfks
    # Session Server keystore password
    server.ssl.key-store-password=changeit
    # Trusted certificate store for outbound HTTP and TN3270 connections
    server.ssl.trust-store=../../etc/trustcerts.bcfks
    # Trusted certificate store password
    server.ssl.trust-store-password=changeit
    # Listen over HTTP
    spring.profiles.active=no-tls,extensions-enabled
    # Listen over HTTPS (if a server certificate is supplied using the keystore)
    #spring.profiles.active=extensions-enabled
The contents of the file on UNIX are:
    #logging.level.com.microfocus.zfe.enterprise.ConfigurationServiceEnterprise=INFO
    # HTTP URL on which ESCWA should be contacted
    hacloud.es.escwaurl=http://localhost:10086
    # MFDS host on which to query available 3270 endpoints
    hacloud.es.mfdshost=127.0.0.1
    # MFDS port
    hacloud.es.mfdsport=86
    # Port on which HA Cloud Session Server will accept inbound HTTP requests
    server.port=7443
    # Session Server keystore, holds server certificate
    server.ssl.key-store=../../etc/keystore.bcfks
    # Session Server keystore password
    server.ssl.key-store-password=changeit
    # Trusted certificate store for outbound HTTP and TN3270 connections
    server.ssl.trust-store=../../etc/trustcerts.bcfks
    # Trusted certificate store password
    server.ssl.trust-store-password=changeit
    # Listen over HTTP
    spring.profiles.active=no-tls,extensions-enabled
    # Listen over HTTPS (if a server certificate is supplied using the keystore)
    #spring.profiles.active=extensions-enabled
The parameters you can change in this file are as follows:
You need to provide your own certificate if you want the HACloud Session Server to listen over an HTTPS connection. The keystore to use must be in a Bouncy Castle format. You can secure it with a password.
When the Session Server itself has to talk to another endpoint such as ESCWA or a TN3270 endpoint, and that endpoint has a certificate, either this certificate or the CA root attached to this certificate needs to be added to the trust store to enable the Session Server to trust that server. If you do not perform this step, then you might encounter SSL errors when the Session Server attempts to communicate with these endpoints.
See Import a Certificate into the Session Server's Truststore for more details. Note that some of the paths in the HACloud product Help are specific to the standalone HACloud product.
By default, spring.profiles.active is set to no-tls,extensions-enabled. no-tls means that the Session Server listens over HTTP and the connection is not TLS-enabled. extensions-enabled enables the Session Server to talk to ESCWA.
To enable TLS and listen over HTTPS, remove no-tls and set this to extensions-enabled only. In this case, you must provide your own server certificate in the keystore specified by server.ssl.key-store, server.ssl.key-store=../etc/keystore.bcfk.
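A check for the settings discussed above, as an added example that is not part of the product or its documentation: it parses hacloud.properties and reports store passwords left at changeit, the no-tls profile, and an http:// ESCWA URL. The function names and the embedded sample (the shipped defaults from the listing) are constructed for illustration, and the script assumes that the absence of no-tls means TLS is enabled, as described above.

```python
# Added example: audit hacloud.properties for the defaults this page says to change.
SHIPPED_PASSWORD = "changeit"  # default value shown in the file listing on this page

# Constructed sample input: the shipped defaults from the listing on this page.
SAMPLE_DEFAULTS = """\
hacloud.es.escwaurl=http://localhost:10086
server.ssl.key-store=../../etc/keystore.bcfks
server.ssl.key-store-password=changeit
server.ssl.trust-store=../../etc/trustcerts.bcfks
server.ssl.trust-store-password=changeit
spring.profiles.active=no-tls,extensions-enabled
#spring.profiles.active=extensions-enabled
"""


def parse_properties(text):
    """Parse key=value lines; '#' comment lines and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()  # a later assignment overrides an earlier one
    return props


def audit(text):
    """Return a list of (key, finding) tuples for settings left at risky values."""
    props = parse_properties(text)
    findings = []
    for key in ("server.ssl.key-store-password", "server.ssl.trust-store-password"):
        if props.get(key) == SHIPPED_PASSWORD:
            findings.append((key, "still set to the shipped default password"))
    profiles = [p.strip() for p in props.get("spring.profiles.active", "").split(",")]
    if "no-tls" in profiles:
        findings.append(("spring.profiles.active", "no-tls is active: listening over HTTP"))
    elif not props.get("server.ssl.key-store"):
        findings.append(("server.ssl.key-store", "TLS enabled but no keystore configured"))
    if props.get("hacloud.es.escwaurl", "").lower().startswith("http://"):
        findings.append(("hacloud.es.escwaurl", "ESCWA is contacted over plain HTTP"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DEFAULTS
    for key, finding in audit(text):
        print(f"{key}: {finding}")
```

Run it with the path to hacloud.properties as the only argument; with no argument it audits the embedded sample.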
If ESCWA is running in secured mode and has a security manager assigned to it, you need to provide the credentials to sign into it. Passwords are stored in a vault which is either an encrypted file on the disk or a server that provides the information.
You need to provide these credentials through the mfsecretsadmin utility and store them in the microfocus/hacloud location. The format of these secrets is the JSON payload for the ESCWA logon. See ESCWA Client Web APIs.
If you need to provide login credentials for ESCWA, supply them in the escwacreds secret.
If different credentials are required to sign in to MFDS, or single sign-on is not enabled in ESCWA, then you also need to provide the MFDS credentials in the mfdscreds secret.
If you want to verify that these secrets are available:
mfsecretsadmin list microfocus/hacloud/*
This should list escwacreds and mfdscreds, if they are available. To read a specific secret, for example escwacreds:
mfsecretsadmin read microfocus/hacloud/escwacreds