|
Siebel Marketing Installation and Administration Guide > Installing and Configuring Email Marketing >
Configuring Email Marketing Components for HTTPS Communications
This topic describes how to configure the Email Marketing Server components to support communications with Siebel Marketing using the HTTPS protocol. This task is a step in Roadmap for Configuring Email Marketing Daemons. If the Siebel Web server has been configured to use SSL or TLS encryption for communications with Web clients (HTTPS protocol), and if the Web service endpoint URL that the Email Marketing components use to connect with Siebel Marketing uses HTTPS, then you must perform the following tasks:
- Import the certificate file used by the Siebel Web server onto the computer on which you installed the Email Marketing components.
- Configure the Windows services or UNIX shell scripts used to start the Email Marketing Server components for HTTPS.
The procedures in this topic describe how to perform these tasks in a Windows environment and in a UNIX environment. Configuring the Email Marketing Server to Use HTTPS on UNIX
The following procedure describes how to configure Email Marketing Server components for HTTPS communications on a UNIX environment. To configure the Email Marketing Server to Use HTTPS on UNIX
- On the computer on which you installed the Email Sending Daemon, create a keystore file for the CA certificate used by the Siebel Web server using a program such as Java keytool.
For example, create a keystore file named cacerts.
- On the computer on which the Email Sending Daemon is installed, verify that the
JAVA_HOME variable is set to the installation directory of the JDK environment that is being used by the Email Sending Daemon, and verify that the PATH variable includes the JAVA_HOME/jre/bin folder.
NOTE: The Siebel Web server certificate file must be imported in the Java Development Kit (JDK) environment being used by the Email Marketing Server daemons. For information, see Installing the Java Development Kit.
- Import the Siebel Web server CA certificate file into the keystore file you created in Step 1 using the following command:
keytool -import -alias hostname -file certificate_file_name -keystore keystore_name -storepass keystore_password
where:
- Navigate to the setenv.sh file in the ESD_root
/bin/ directory, open the file using a text editor, and locate the JAVA_OPTS parameter.
- Add the Java Secure Socket Extension (JSSE) system properties shown in the following table at the end of the JAVA_OPTS parameter settings.
|
|
-Djavax.net.ssl.trustStore |
The full path to the keystore file that contains the CA certificate, for example: /home/siebel/cacerts
|
-Djavax.net.ssl.trustStorePassword |
The password to the keystore file, for example: siebel
|
The following shows an example of the setenv.sh file after the new parameters have been added:
JAVA_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=8099
-Daxis2.xml=$CATALINA_HOME/esd-axis2.xml
-Djavax.net.ssl.trustStore=/home/siebel/cacerts
-Djavax.net.ssl.trustStorePassword=siebel"
- (Optional) If the Click Through Daemon is installed on a different computer to the Email Sending Daemon, create a keystore file and import the Siebel Web server certificate into the keystore file on the Click Through Daemon computer.
To perform these tasks, follow the instructions in Step 1 through Step 3, substituting references to the Email Sending Daemon with the Click Through Daemon.
- Edit the setenv.sh file in the CTD_root
/bin directory and add the system properties described in Step 5 to the file.
- (Optional) If the Bounce Handler Daemon is installed on a different computer to the Email Sending Daemon, create a keystore file and import the Siebel Web server certificate into the keystore file on the Bounce Handler Daemon computer.
To perform these tasks, follow the instructions in Step 1 through Step 3, substituting references to the Email Sending Daemon with the Bounce Handler Daemon.
- Edit the bhd-ctl.sh file as follows:
- Navigate to the bhd-ctl.sh file in the BHD_root
installation directory and make a backup copy of the file.
- Open the bhd-ctl.sh file with a text editor, navigate to JAVA_PROPS section of the file, then add the following parameters to the end of the section:
-Djavax.net.ssl.trustStore=keystore_filename
-Djavax.net.ssl.trustStorePassword=keystore_file_password
For example:
JAVA_PROPS="-showversion ${JVM_MEM_SWITCES}
-Dproperties=bhd.properties -Dfile.encoding=UTF8
-Djavax.net.ssl.trustStore=/home/siebel/cacerts
-Djavax.net.ssl.trustStorePassword=siebel"
- When configuring Web services properties for the Email Sending Daemon, the Click Through Daemon, and the Bounce Handler Daemon, make sure that the URL specified for the component.handler.webservice.url parameter points to a Siebel Inbound Web service that uses HTTPS.
For additional information on this task, see the following:
Configuring the Email Marketing Server to Use HTTPS on Microsoft Windows
The following procedure describes how to configure Email Marketing Server components for HTTPS communications on a Microsoft Windows environment. To configure the Email Marketing Server to Use HTTPS on Windows
- On the computer on which you installed the Email Sending Daemon, create a keystore file for the CA certificate file used by the Siebel Web server using a program such as Java keytool.
For example, create a keystore file named cacerts.jks.
- Import the Siebel Web server certificate file into the JDK environment being used by the Email Marketing Server daemons as described in Step 2 and Step 3.
- On the computer where you installed the Email Sending Daemon, edit the install-win32-service.bat file as follows:
- Navigate to the install-win32-service.bat file located in the ESD_root installation directory and make a backup copy of the file.
The install-win32-service.bat file is used to create the Windows service file for stopping and starting the Email Sending Daemon.
- Open the install-win32-service.bat file with a text editor, and navigate to the following line:
"%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions
"-Djava.io.tmpdir=%CATALINA_BASE%\temp"
--JvmMs %JVM_MIN_STACK%
--JvmMx %JVM_MAX_STACK%
- Add the following parameters before the quotation marks after
\temp:
-Djavax.net.ssl.trustStore=keystore-file_path;
-Djavax.net.ssl.trustStorePassword=keystore_file_password
where:
- keystore-file_path is the full path to the keystore file that contains the CA certificate
- keystore_file_password is the password to the keystore file.
For example:
"%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions
"-Djava.io.tmpdir=%CATALINA_BASE%\temp;
-Djavax.net.ssl.trustStore=D:\cacerts.jks;
-Djavax.net.ssl.trustStorePassword=welcome"
--JvmMs %JVM_MIN_STACK%
--JvmMx %JVM_MAX_STACK%
- Save the install-win32-service.bat file, making sure not to change the file extension type.
- To install the Email Sending Daemon as a service, open a command prompt, navigate to the ESD_root installation directory, then run the following command:
install-win32-service.bat
- (Optional) If the Click Through Daemon is installed on a different computer to the Email Sending Daemon, create a keystore file and import the Siebel Web server certificate into the keystore file on the Click Through Daemon computer.
To perform these tasks, follow the instructions in Step 1 through Step 3, substituting references to the Email Sending Daemon with the Click Through Daemon.
- On the computer where you installed the Click Through Daemon, perform Step 3 and Step 4, but instead of editing and running the install-win32-service.bat file in the ESD_root
installation directory, perform the same steps for the install-win32-service.bat file in the CTD_root installation directory.
- (Optional) If the Bounce Handler Daemon is installed on a different computer to the Email Sending Daemon, create a keystore file and import the Siebel Web server certificate into the keystore file on the Bounce Handler Daemon computer.
To perform these tasks, follow the instructions in Step 1 through Step 3, substituting references to the Email Sending Daemon with the Bounce Handler Daemon.
- After installing the Bounce Handler Daemon, uninstall the existing Bounce Handler Daemon service as follows:
- Open a command prompt and navigate to BHD_root installation directory.
- Run the following command:
install-win32-service.bat -uninstall
- On the computer where you installed the Bounce Handler Daemon, edit the install-win32-service.bat file as follows:
- Navigate to the install-win32-service.bat file located in the BHD_root installation directory and make a backup copy of the file.
The install-win32-service.bat file is used to create the Windows service file for stopping and starting the Bounce Handler Daemon.
- Using a text editor, open the install-win32-service.bat file and navigate to the following line:
"%BHD_HOME%\bin\bhd.exe" -install %SERVICE_NAME% "%JAVA_ROOT%\jre\bin\server\jvm.dll"
- Append the following parameters at the end of the line:
-Djavax.net.ssl.trustStore=keystore_file_path
-Djavax.net.ssl.trustStorePassword=keystore_file_password
where:
- keystore-file_path is the full path to the keystore file containing the CA certificate.
- keystore_file_password is the password to the keystore file.
For example:
"%BHD_HOME%\bin\bhd.exe" -install %SERVICE_NAME% "%JAVA_ROOT%\jre\bin\server\jvm.dll"
-Djavax.net.ssl.trustStore=D:\keystore.jks
-Djavax.net.ssl.trustStorePassword=welcome
- Save the install-win32-service.bat file, making sure not to change the file extension type.
- To re-install the Bounce Handler Daemon as a service, open a command prompt, navigate to the BHD_root installation directory and run the following command:
install-win32-service.bat
|
