To enable two-way SSL communication between Workbench and an ATG (Oracle Commerce Platform) server, follow these steps:
1. When ATG Server is running in SSL mode, update the protocol and the
hostname in the file
<Endeca_app>/config/editors_config/atgServices.json
.
The protocol must be https and the machine name must be the ATG server machine
name.
2. Configure the client certificates in the
%ENDECA_TOOLS_CONF%\conf\webstudio.properties
file; for
example:
javax.net.ssl.trustStore=@ENDECA.TOOLS.CONF@/conf/ca.ks javax.net.ssl.trustStoreType=JKS javax.net.ssl.trustStorePassword=eacpass javax.net.ssl.keyStore=@ENDECA.TOOLS.CONF@/conf/eac.ks javax.net.ssl.keyStoreType=JKS javax.net.ssl.keyStorePassword=eacpass javax.net.ssl.com.endeca.webstudio.client.communication.ssl="true"
3. Make sure that the root certificates of the ATG server are present
in the client's trust store, and that the root certificates of the client
applcation are in the ATG server's trust store. Root certificates can be
specified either as external path entries or in the
cacerts
file.
Note
If Oracle Commerce Guide Search and ATG certificates are generated using same certificate authority, it is not necessary to export and import certificates from one machine to the other.
4. The following command can be used to export and import the root certificates from the machines.
To export a root certificate, use a keytool command of the following form:
keytool -export -alias alias_used_during_certificate_gen -file ROOT_CERT.cer -keystore truststore.ks
where:
alias
is the name of the alias used during certificate generation.
file
is the name of the root certificate file that is to be exported.
keystore
is the file name of the trust store to which the root certificate is exported.