Replacing the Security Certificate for Execution Server and Application Server Communication

The default communication between execution servers and the application server uses a default security certificate. You can set up your own security configuration for the communication between execution servers and the application server by replacing the default keystores with your own. The keystores contain the security certificates and keys to enable secure SSL communication between execution servers and the application server. For security reasons, both the keystore and the key passwords must be encrypted. The SSL Password Encrypter tool enables you to encrypt a custom password. The Performance Manager application server and execution servers need to use this encrypted password so that the communication with the custom keystore can be enabled.

Important: You need to be knowledgeable about how SSL communication works and how to create and configure keys and certificates.
Tip: For testing purposes we strongly recommend that you perform this task with a single execution server before updating all your execution servers. The cipher algorithm needs to be RSA and we recommend to use at least SHA256 for signatures.
  1. Stop the application server and all execution server services.
  2. Replace the default keystores with your own on the application server and all execution servers. The default location of the keystore files is <Silk Performance Manager installation folder>\conf\execserver\SccExecServerKS on the execution server and <Silk Performance Manager installation folder>\conf\appserver\SccAppServerKS on the application server.
  3. Connect to the computer where Performance Manager is installed and select Start > Programs > Silk > Silk Performance Manager 21.0 > Tools > SSL Password Encrypter. The SSL Password Encrypter dialog box opens.
  4. Enter your custom keystore password in the Keystore password field, then click Encrypt to encrypt the password. Copy and save the encrypted password for later use.
  5. Enter your custom key password in the Keystore password field, then click Encrypt to encrypt the password. Copy and save the encrypted password for later use.
  6. Copy the encrypted passwords that you saved in the steps before and paste them into the <KeyPassword> tag and <KeyStorePassword> tag, respectively. These tags are located in the SccExecServerBootConf.xml and SccAppServerBootConf.xml files. This replacement needs to be done on all execution servers and on the application server.
    Important: The defined passwords for the execution servers and the application server must match, otherwise the servers are unable to communicate with each other. Non-matching passwords result in the application server not being able to connect to any execution servers, which means that the Locations list in Performance Manager would be empty.
Restart all execution servers and the application server when you are done.
Parent topic: Setting Up Execution Servers