4.2.2.2 Enable One-way SSL On HTTP
Follow the steps below to enable one-way SSL server authentication for HTTP. Refer to Configuring a Keystore if you would like to create your own keystore with a trusted certificate and private key.
Setting Up with a New Keystore File
Run the mzsh keytool generate command to create a new keystore file that contains a new self-signed certificate. The certificate generated by the command will have the alias: Platform.
Run the command to enable TLS on HTTP with a new keystore. This command will create a new keystore file (containing a self-signed certificate) in $MZ_HOME/keys and enable TLS on HTTP.
$ mzsh keytool generate -k <keystore file> --enable-tls http
Example,
$ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls http
Change the URL scheme for the platform container.
$ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>
Example,
This command will update the URL to the platform in $MZ_HOME/bin/mzsh.
Restart the platform.
Log in to the desktop again using HTTPS.
Access the MediationZone Web API with HTTPS.
Setting Up with an Existing Keystore File
If you already have a keystore file, place it anywhere on the platform machine. Then, run the mzsh keytool command with the enable-tls option and provide the full path to the keystore file.
Enable the TLS protocol on HTTP with an existing keystore.
The alias must match the alias configured in the Keystore.
Example,
Change the URL scheme for the platform container.
Example,
This command will update the URL to the platform in $MZ_HOME/bin/mzsh.
If a trusted certificate has been configured, the URL must use an FQDN (Fully Qualified Domain Name) that matches the FQDN of the certificate subject.
Restart the platform.
Log in to the desktop again using HTTPS.
Access the MediationZone Web API with HTTPS.
The mzsh keytool enable-tls command will configure HTTP TLS properties automatically in the Platform container.
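To confirm the result after the restart, the script below is an added example and not part of the MediationZone documentation or tooling. It assumes the openssl command-line tool is installed and that the URL host is a hostname or IPv4 address. Given the URL set with mzsh topo env --update-mz-platform, it fetches the certificate the platform presents, flags a self-signed certificate, and checks that the URL host matches the certificate.

```shell
#!/bin/sh
# url_hostport URL: print host:port for an https URL; fail for any other scheme.
url_hostport() {
    case "$1" in
        https://*) ;;
        *) echo "not an https URL: $1" >&2; return 1 ;;
    esac
    hp=${1#https://}; hp=${hp%%/*}
    case "$hp" in
        *:*) printf '%s\n' "$hp" ;;
        *)   printf '%s:443\n' "$hp" ;;
    esac
}

# fetch_cert HOST:PORT OUT_PEM: save the certificate the server presents.
fetch_cert() {
    openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# check_cert PEM HOST: report on the certificate; return 0 only if HOST matches it.
check_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    echo "$subject"
    openssl x509 -in "$1" -noout -enddate
    # Heuristic: issuer equal to subject means self-signed, which is what
    # "mzsh keytool generate" creates; clients must import it to trust it.
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "self-signed certificate"
    fi
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;   # hostname or FQDN
        *)         opt=-checkip ;;     # IPv4 literal
    esac
    if openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'; then
        echo "URL host $2 matches the certificate"
    else
        echo "URL host $2 does NOT match the certificate" >&2
        return 1
    fi
}

# Usage: sh verify_tls.sh "https://<ip/hostname>:<port>"
if [ "$#" -gt 0 ]; then
    hostport=$(url_hostport "$1") || exit 1
    pem=$(mktemp)
    fetch_cert "$hostport" "$pem" && check_cert "$pem" "${hostport%:*}"
fi
```

A non-zero exit status means the URL is not HTTPS, no certificate could be fetched, or the URL host does not match the certificate.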