Reflection ZFE uses Bouncy Castle, which is a Java implementation of cryptographic algorithms, to ensure secure connections between components. Occasionally it may become advantageous to replace the Bouncy Castle implementation with standard Java cryptography.
This is a two step process; first replacing Bouncy Castle with the Java implementation and second, importing certificates to enable communication between MSS and Reflection ZFE.
Replacing Bouncy Castle with the Java cryptographic implementation:
Open sessionserver\conf\container.conf in a text editor.
Set -Dcom.attachmate.integration.container.CRYPTO.enabled to . For example:
wrapper.java.additional.10=-Dcom.attachmate.integration.container.CRYPTO.enabled=false
Update these trust store settings to use the default JKS format.
Save the file.
Open \sessionserver\services\servletengine\META-INF\service-ctx.xml
Modify the settings as follows:
Restart the session server.
Configuring communication between MSS and Reflection ZFE by enabling their respective keystores:
To import the MSS certficate to the Reflection ZFE keystore, from the sessionserver/etc directory, run the following commands:
To import the Reflection ZFE certificate to the MSS trusted subsystem keystore, from the MSS/server/etc directory, run the following command:
Restart both MSS and the Reflection ZFE session server.