docmain.css" /> Securing Reflection ZFE Session Server and Management Component to MSS - Reflection ZFE 2.1.4

4.2 Securing Reflection ZFE Session Server and Management Component to MSS

NOTE:The file paths noted here are for a default installation and assume that Java\bin is in your system path. If you have installed Reflection ZFE to another location, you must modify the path appropriately.

These instructions pertain to both the session server and management component and require a change to the container.properties file located here:

  • sessionserver/conf/container.properties

  • managementserver/conf/container.properties

The <component-path>/container.properties file contains the URL of the Management and Security Server (MSS) that will be used by both Reflection ZFE session server and management component:

management.server.url=http://my-company.com:80/mss

During the installation, you can specify that you want to configure a secure communication channel between both the Reflection ZFE session server and MSS, which means the install process will handle obtaining the MSS certificate and configure the Reflection ZFE session server. The management component must be configured manually.

To make this configuration manually after you complete the installation follow these steps:

  1. Change the management.server.url property in <component-path>/conf/container.properties to use the HTTPS protocol and specify the correct MSS port.

  2. Use the browser to connect to the HTTPS Management and Security Server URL and instruct the browser to save the certificate.

  3. Import the certificate into the appropriate Reflection ZFE keystore by running the following command (the command may vary depending on specific values) in the <component-path>/etc directory: keytool -importcert -file <path-to-the-MSS-certificate> -alias <some-alias> -keystore servletcontainer.jks -storetype jceks -storepass not-secure

  4. Restart the appropriate service.

These instructions use the default password, changeit as the keystore password. You can change the keystore password by running the following command in the <component-path>/etc directory:

keytool -storepasswd -new new_password -keystore servletcontainer.jks -storetype jceks -storepass not-secure.

Related Topics