Enabling SSL on the Enterprise Server on UNIX and Microsoft Windows
On UNIX and Windows, the HTTPS SSL communication between the Enterprise Server and AIS
Server depends on having a valid cacert.pem file in your system/bin32 directory that
contains an up-to-date set of root certificates from the SSL certificate issuing
authorities. Starting with EnterpriseOne Tools 9.2.3, the release is delivered with a
cacert.pem that was current near the time of the release and in most cases, should work
with no additional configuration required. However, you may need to update this file
from time to time. You can download a current copy from the "libcurl" open-source
website at: https://curl.haxx.se/docs/caextract.html
The root certificates are typically updated every 4-6 months. The cacert.pem file is a text file. which contains the date of the last update, so you can check the date to determine if there has been an update.
In most cases, after the SSL certificate is registered on the machine where the web application server is hosting the AIS Server, and communication between this machine and the Enterprise Server has been configured successfully, you will not need to update the root certificates in cacert.pem again. However, you will need to update the root certificates when the current AIS Server SSL certificate expires and a new AIS Server SSL certificate is needed.