4.2.2.2 Enable One-way SSL On HTTP

Follow the steps below to enable one-way SSL server authentication for HTTP. To create your own keystore with a trusted certificate and private key, refer to Configuring a Keystore.

Setting Up with a New Keystore File

Run the mzsh keytool generate command to create a new keystore file that contains a new self-signed certificate. The certificate generated by the command will have the alias: Platform.

  1. Run the command to enable TLS on HTTP with a new keystore. This command will create a new keystore file (containing a self-signed certificate) in $MZ_HOME/keys and enable TLS on HTTP.

    $ mzsh keytool generate -k <keystore file> --enable-tls http

    Example,

    $ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls http
  2. Change the URL scheme in the platform container.

    $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

    Example,

    mzsh topo env --update-mz-platform "https://platform.mz:9000"

    This command will update the URL to the platform in $MZ_HOME/bin/mzsh:

    # Http url to platform, e.g http://localhost:9000
    if [ -z "${MZ_PLATFORM+x}" ]; then
        MZ_PLATFORM="https://platform.mz:9000"
        export MZ_PLATFORM
    fi
  3. Change the URL scheme in the EC container.

    $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

    Example,

    mzsh topo env --update-mz-platform "https://platform.mz:9000"

    This command will update the URL to the platform in $MZ_HOME/bin/mzsh:

    # Http url to platform, e.g http://localhost:9000
    if [ -z "${MZ_PLATFORM+x}" ]; then
        MZ_PLATFORM="https://platform.mz:9000"
        export MZ_PLATFORM
    fi
  4. Restart the platform.

  5. Log in to the desktop again with HTTPS.

  6. Access MediationZone Web API with HTTPS.

Setting Up with an Existing Keystore File

If you already have a keystore file, place it anywhere on the platform machine. Then, run the mzsh keytool command with the enable-tls option and provide the full path to the keystore file.

  1. Enable the TLS protocol on HTTP with the existing keystore.

    $ mzsh keytool enable-tls http -k <keystore file> -a <alias>

    The alias must match the alias configured in the Keystore.

    Example,

    $ mzsh keytool enable-tls http -k $MZ_HOME/keys/container.keys -a platform
  2. Change the URL scheme in the Platform container.

    $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

    Example,

    mzsh topo env --update-mz-platform "https://platform.mz:9000"

    This command will update the URL to the platform in $MZ_HOME/bin/mzsh:

    # Http url to platform, e.g http://localhost:9000
    if [ -z "${MZ_PLATFORM+x}" ]; then
        MZ_PLATFORM="https://platform.mz:9000"
        export MZ_PLATFORM
    fi

    If a trusted certificate has been configured, the URL must use an FQDN (Fully Qualified Domain Name) that matches the FQDN of the certificate subject.

  3. Restart the platform.

  4. Log in to the desktop again with HTTPS.

  5. Access MediationZone Web API with HTTPS.

The mzsh keytool enable-tls command will configure the HTTP TLS properties automatically in the Platform container.
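
A post-change check for the procedures above, added here as an example (not MediationZone's own tooling): it confirms that the URL given to mzsh topo env --update-mz-platform has the form https://host:port and that the certificate served on that port covers the URL's hostname. The function names are hypothetical, openssl is assumed to be installed, and only hostnames (not IP addresses) are handled.

```sh
#!/bin/sh
# Added example, not vendor code; function names are hypothetical.

# platform_url_hostport URL -> prints "host port"; accepts only https://host:port
platform_url_hostport() {
    case "$1" in
        https://*) ;;
        *) echo "scheme is not https: $1" >&2; return 1 ;;
    esac
    u_hp=${1#https://}; u_hp=${u_hp%%/*}
    u_host=${u_hp%:*}; u_port=${u_hp##*:}
    case "$u_port" in
        ''|*[!0-9]*) echo "missing or non-numeric port: $1" >&2; return 1 ;;
    esac
    if [ -z "$u_host" ] || [ "$u_host" = "$u_hp" ]; then
        echo "missing host: $1" >&2; return 1
    fi
    printf '%s %s\n' "$u_host" "$u_port"
}

# cert_matches_host PEMFILE HOST -> 0 if the certificate (SAN, else subject CN) covers HOST.
# Hostnames only; an IP address would need `-checkip` instead.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_platform_tls URL -> fetch the certificate served at URL and compare it with the host
check_platform_tls() {
    target=$(platform_url_hostport "$1") || return 1
    t_host=${target% *}; t_port=${target#* }
    pem=$(mktemp) || return 1
    openssl s_client -connect "$t_host:$t_port" -servername "$t_host" \
        </dev/null 2>/dev/null | openssl x509 -out "$pem" 2>/dev/null || true
    if cert_matches_host "$pem" "$t_host"; then
        echo "OK: certificate served on $t_host:$t_port covers $t_host"; rc=0
    else
        echo "FAIL: no TLS on $t_host:$t_port, or certificate does not cover $t_host" >&2; rc=1
    fi
    rm -f "$pem"
    return "$rc"
}

# Usage: sh check_platform_tls.sh "https://platform.mz:9000"
if [ $# -eq 1 ]; then check_platform_tls "$1"; fi
```

The check covers name matching only; it does not validate the certificate chain.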
