Enabling SSL on the Enterprise Server on UNIX and Microsoft Windows

On UNIX and Windows, the HTTPS SSL communication between the Enterprise Server and AIS Server depends on having a valid cacert.pem file in your system/bin32 directory that contains an up-to-date set of root certificates from the SSL certificate issuing authorities. Starting with EnterpriseOne Tools 9.2.3, the release is delivered with a cacert.pem that was current near the time of the release and in most cases, should work with no additional configuration required. However, you may need to update this file from time to time. You can download a current copy from the "libcurl" open-source website at: https://curl.haxx.se/docs/caextract.html

The root certificates are typically updated every 4-6 months. The cacert.pem file is a text file. which contains the date of the last update, so you can check the date to determine if there has been an update.

In most cases, after the SSL certificate is registered on the machine where the web application server is hosting the AIS Server, and communication between this machine and the Enterprise Server has been configured successfully, you will not need to update the root certificates in cacert.pem again. However, you will need to update the root certificates when the current AIS Server SSL certificate expires and a new AIS Server SSL certificate is needed.