How To Connect Management Server To Execution Servers Using SSL

Article ID: 131984

Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

This document outlines the changes needed to connect a Management Server to an Execution Server using the default SSL certificates that ship out of the box with CA Release Automation.

If you need instructions on how to connect management servers to execution servers using new or custom SSL certificates, the process is described here:
Secure Communications

CA Release Automation ships with self-signed certificates that can be used for securing various connections. One of the connections that organizations frequently want to secure is the connection between the management server and the execution server. This can be done with the out-of-the-box certificates, but some configuration changes are still necessary.

CA Release Automation defaults to using SSL over port 8443 and the nolio.jks certificate. If either of these items needs to be changed, please review the product documentation. The documentation does not advise on how to change the port, but it does highlight the file (server.xml) where this and other settings can be found. The documentation does advise on all of the changes needed to change SSL certificates.

Environment

CA Release Automation v6.x

Resolution

To connect to a remote execution server using SSL you will need to:
 
  1. Locate the RA_HOME\webapps\execution\WEB-INF\activemq-broker-nes.xml file and make a copy of the file.
  2. Open the RA_HOME\webapps\execution\WEB-INF\activemq-broker-nes.xml file on the Execution Server, and make the following changes:
    • Make sure that the following sections are uncommented:  

      <bean class="com.nolio.platform.server.dataservices.StringDecrypter" id="sslPassword">
         <property name="originalString" value="${jms.encrypted.key.store.password}"/>
      </bean>

      <amq:sslContext>
         <amq:sslContext>
            <property name="keyStore" value="${jms.key.store}"/>
            <property name="keyStorePassword" ref="sslPassword"/>
         </amq:sslContext>
      </amq:sslContext>
    • Find the transportConnectors section and comment out the transportConnector element that is not set to SSL. Uncomment the element with the name attribute set to SSL:  

      <amq:transportConnectors>
         <!--<amq:transportConnector uri="nio://0.0.0.0:${jms.transport.port.nes}?daemon=true" />-->
         <!-- Uncomment the ssl connector below and comment out the openwire connector above to use SSL -->
         <amq:transportConnector name="ssl" uri="nio+ssl://0.0.0.0:${jms.transport.port.nes}?daemon=true" />
      </amq:transportConnectors>
  3. Restart the Execution Server service.

  4. Repeat Steps 1-3 on all Execution Server systems that you want the management server to connect to over SSL.
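
A way to confirm the edits from steps 1-4 before restarting each Execution Server, as an added example that is not part of the original article or the product: the script parses activemq-broker-nes.xml and reports any required element that is still commented out and any plaintext connector that is still active. The function names, the `<beans>`/`<amq:broker>` wrapper elements and the namespace URIs in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed broker file built from the elements quoted in the steps.
# The <beans>/<amq:broker> wrappers and namespace URIs are assumed, not from the article.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:amq="http://activemq.apache.org/schema/core">
  <bean class="com.nolio.platform.server.dataservices.StringDecrypter" id="sslPassword">
    <property name="originalString" value="${jms.encrypted.key.store.password}"/>
  </bean>
  <amq:broker>
    <amq:sslContext><amq:sslContext>
      <property name="keyStore" value="${jms.key.store}"/>
      <property name="keyStorePassword" ref="sslPassword"/>
    </amq:sslContext></amq:sslContext>
    <amq:transportConnectors>
      <!--<amq:transportConnector uri="nio://0.0.0.0:${jms.transport.port.nes}?daemon=true" />-->
      <amq:transportConnector name="ssl" uri="nio+ssl://0.0.0.0:${jms.transport.port.nes}?daemon=true" />
    </amq:transportConnectors>
  </amq:broker>
</beans>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_broker_xml(xml_text):
    """Return findings; an empty list means the SSL changes are in effect."""
    # ElementTree drops comments, so a commented-out element is absent from the tree.
    elems = list(ET.fromstring(xml_text).iter())
    findings = []
    if not any(local(e.tag) == "bean" and e.get("id") == "sslPassword" for e in elems):
        findings.append("sslPassword bean is missing or commented out")
    if not any(local(e.tag) == "sslContext" for e in elems):
        findings.append("amq:sslContext is missing or commented out")
    connectors = [e for e in elems if local(e.tag) == "transportConnector"]
    if not connectors:
        findings.append("no active transportConnector")
    for c in connectors:
        uri = c.get("uri", "")
        # The article's connectors use "nio" (plaintext) and "nio+ssl"; flag any
        # scheme that has no "ssl" part.
        if "ssl" not in uri.split("://", 1)[0].split("+"):
            findings.append(f"plaintext transportConnector active: {uri}")
    return findings

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print(audit_broker_xml(text) or "SSL-only broker configuration")
```

Run it with the path to the edited file as the only argument; with no argument it audits the constructed sample.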