Steps to Configure SSL on WACS with BI 4.0 using PKCS12 as Certificate.
Before configuring HTTPS/SSL on WACS, a PCKS12 file have to be already created and moved to the machine that is hosting the WACS.
Please follow the below steps:
Go to the "Servers" management area of the CMC.
Double-click the WACS the server in order to enable HTTPS. The "Properties" screen appears
In the "HTTPS Configuration" section, check the Enable HTTPS check box.
In the Bind to Hostname or IP Address field, specify the IP address for which the certificates were issued and to which WACS will bind. HTTPS services will be provided through the specified IP address
In the HTTPS Port field, specify a port number for WACS to provide HTTPS service. This port must be free. If users connect to the WACS from outside a firewall, this port must be open on the firewall.
If configuring SSL with a reverse proxy, specify the proxy server's hostname and port in the Proxy Hostname and Proxy Port fields.
On the Protocol list, select a protocol. The available options are:
- SSL : SSL is the Secure Sockets Layer protocol, which is a protocol for encrypting network traffic.
- TLS : TLS is the Transport Layer Security protocol, and is a newer, enhanced protocol. The differences between SSL and TLS are minor, but include stronger encryption algorithms in TLS
In the Certificate Store File Location field, specify the path where the certificate file store or Java keystore file should be copied or moved.
In the Private Key Access Password field, specify the password.
It is recommended to use either use a certificate file store or keystore that either contains a single certificate, or where the certificate to be used is listed first. However, if using a certificate file store or keystore that contains more than one certificate, and that certificate is not the first one in the filestore, in the Certificate Alias field, an alias for the certificate must be specified.
To limit WACS to only accept HTTPS requests from certain clients, enable client authentication. Client authentication doesn't authenticate users. It ensures that WACS only serves HTTPS requests to certain clients.
- a. Check Enable Client Authentication.
- b. In the Certificate Trust List File Location, specify the location of the PCKS12 file that contains the trust list file.
Note: The Certificate Trust List type must be the same as the Certificate Store type.
- c. In the Certificate Trust List Private Key Access Password field, type the password that protects the access to the private keys in the Certificate Trust List file.
Click Save & Close.
Go to the "Metrics" screen, and ensure that HTTPS connector appears under List of Running WACS Connectors. If HTTPS does not appear, then ensure that the HTTPS connector is configured correctly