/
4.2.1.1 Enable One-way SSL On RCP

4.2.1.1 Enable One-way SSL On RCP

Follow the steps below to enable One-way SSL server authentication for RCP. To include client authentication (two-way SSL mutual authentication), continue the steps in Enable Two-way SSL On RCP.

Setting Up with a New Keystore File

Run the mzsh keytool generate command to create a new keystore file contains a new self-signed certificate. The certificate generated by the command will have the alias: Platform.

  1. Enable TLS on RCP with a new keystore.

    $ mzsh keytool generate -k <keystore file> --enable-tls rcp

    Example, this command will create a new keystore file (contain self-signed certificate) in $MZ_HOME/keys and enable TLS on RCP.

    $ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls rcp
  2. Restart the Platform.

Setting Up With an Existing Keystore File

If you already have a keystore file, place it anywhere on the platform machine. Then, run the mzsh keytool command with the enable-tls option and provide the full path to the keystore file.

  1. Enable TLS on RCP with existing keystore.

    $ mzsh keytool enable-tls rcp -k <keystore file> -a <alias>

    Example,

  2. Restart the Platform.

 

The  mzsh keytool enable-tls command will configure RCP TLS properties automatically in Platform container.