Configuration of DAP products with HTTPS in 10.3 plus

DAP products mainly consist of Integration server, Designer, Business console and Agile Apps. Agile apps exclusively provide access through HTTPS protocol. Similarly if Business console Gadgets, Rest resource and Rest descriptors had to be part of end to end solution containing Agile Apps they have to be configured for HTTPS protocol for seamless navigation between Agile apps and these involved products.

Below article details configuration of DAP products with HTTPS protocol

1.  Configuration of Integration server with HTTPS

a.  Login to Integration server http://<host>:5555 as Administrator\manage
b.  Navigate to  Security > Ports >  Add Port and provide following values

  • Type: webMethods/HTTPS, Click Submit
  • Enable: Yes
  • Port: 7777 (Any free port)
  • Alias: HTTPS port (Any alias name)
  • Keystore Alias: DEFAULT_IS_KEYSTORE
  • Key Alias: sso
  • Truststore Alias: DEFAULT_IS_TRUSTSTORE

c.  Save changes, by default “Access Mode” for port 7777 will be set as “Deny+”. Click on “Deny+” > “Set Access Mode to Allow by Default”.
d.  Now IS can be accessed using URL: https://<hostname>:7777

2.  Configuring My webMethods server and Task Engine to use HTTPS

a.  Login to MWS http://<hostname>:8585 as Administrator/manage
b.  Navigate to Applications > Administration > My webMethods > Cluster Settings,
c.  Set HTTPS port as 8586 as in the screenshot,

d.  Login to IS http://<hostname>:5555 as Administrator /manage
e.  Navigate to Packages > Management, Click on Home link of “WmTaskClient” package and edit with following values and save

  • Task Server: Remote MWS
  • Task Server URL: https://<MachineName>:<HttpsPort>

Example: https://vmmsqt03.eur.ad.sag:8586

f.  Reload “WmTaskClient”
g.  Open command prompt as Administrator and run following commands, which makes SSL certificate to be available for Integration server during the start up.

  • cd <InstallationDir>\jvm\jvm\jre\lib\security
  • keytool -export -alias "softwareag demo" -file c:\tmp\sagca.crt -keystore <installationDir>\MWS\server\default\config\security\sagdemoca.jks [Password prompt will appear provide password: manage]
  • keytool -import -trustcacerts -file c:\tmp\sagca.crt -alias "softwareag demo" -keystore <installationDir>\jvm\jvm\jre\lib\security\cacerts [Password prompt will appear provide password: changeit]
  • Restart Integration server

[If step “g” is missed, “WmTaskClient” will not queue a task instance when task is part of some process, SSL Exception will occur for the first time when process is uploaded or document is published to trigger the process.]

h.  Login to Business console http://<hostname>:8585/business.console
i.  Navigate to Profile picture > Administer Business Console, provide parameter values as in screenshot and save.

 

3.  Business console Gadget, Rest resource and Rest API descriptor creation with HTTPS support

a.  Open designer in UI development perspective, add Integration server with HTTPS port(7777), Check secure connection checkbox
b.  Create business console gadget

c.  When Rest API descriptor is being created, Check HTTPS checkbox, and for Host:Port name provide <hostname>:7777 as in the screenshot

d.  When RAD is dragged and dropped in to the Gadgets view.xhtml file, select HTTPS operations

e.  Once RAD is drag and dropped into gadget, double click on the gadget and open Gadget Definition editor, under Hosts, in the host entry row change protocol to HTTPS

f.  Login to IS, http://<hostname>:5555 as Administrator/manage, Navigate to Settings > Extended > Edit Extended Settings,

Generally CORS setting will have following entries,

[watt.server.compile=C:\SoftwareAG10V1\jvm\jvm\bin\javac -classpath {0} -d {1} {2}

http://localhost:8585, http://vmmsqt03:8585, http://vmmsqt03.eur.ad.sag:8585, https://localhost:8586, https://vmmsqt03:8586, https://vmmsqt03.eur.ad.sag:8586

watt.server.cors.enabled=true

watt.server.cors.supportedHeaders=samlassertion,accept,withcredentials,content-type,Accept,origin,Authorization,authorization

watt.server.cors.supportsCredentials=true]

“watt.server.cors.allowedOrigins” should contain https URLs of My webMethods server