Configuring SSL to access Remote Servers

There are multiple use cases of using SSL to access remote server:

o  Configuring HTTPS for Remote Metadata Harvesting Agents (Remote MetaKarta Server)

o  Configuring SSL for Harvesting Metadata with API based bridges (e.g. a database server via JDBC)

o  Configuring SSL for Repository Storage (database server via JDBC)

o  Configuring LDAPS for Enterprise Directory

In all above uses cases, no extra setup is needed when using an official certificate signed by a Certificate Authority (CA), as using the https based URL is enough.

However, when using a self signed certificate, then such a certificate needs to be explicitly imported in the java environment of your server. The recommended method to import such a certificate is using the -certificate options of the Setup utility as explained in Server Installation and Configuration.
[{ -ch | --certificate-host }] Certificate: the host name to retrieve the certificate for
[{ -cp | --certificate-port }] Certificate: the port number to connect to
For example:
$MM_HOME/Setup.sh -ch MyServer.MyDomain.com -cp 443
If the above method fails, you may manually import the certificate into the java environment keystore as follows:
cd $MM_HOME/jre/lib/security
mv jssecacerts jssecacerts.old
$MM_HOME/bin/keytool -importkeystore -srckeystore YourSelfSignedCertificate -keystore jssecacerts
$MM_HOME/RestartServerApplication.sh (or RestartServerService.bat on Windows)
Note that the above import steps have to be repeated for the self signed certificate of every remote servers.