Configuring SSL to access Remote Servers

There are multiple use cases of using SSL to access remote server:

• Configuring HTTPS for Remote Metadata Harvesting Agents (Remote MIMM Server)
• Configuring SSL for Harvesting Metadata with API based bridges (e.g. a database server via JDBC)
• Configuring SSL for Repository Storage (database server via JDBC)
• Configuring LDAPS for Enterprise Directory

In all above uses cases, no extra setup is needed when using an official certificate signed by a Certificate Authority (CA), as using the https based URL is enough.

However, when using a self signed certificate, then such a certificate needs to be explicitly imported in the java environment of your server. The recommended method to import such a certificate is using the -certificate options of the Setup utility as explained in Server Installation and Configuration.
‎[{ -ch | --certificate-host }] Certificate: the host name to retrieve the certificate for
‎[{ -cp | --certificate-port }] Certificate: the port number to connect to
‎For example:
‎$MM_HOME/Setup.sh -ch MyServer.MyDomain.com -cp 443
‎If the above method fails, you may manually import the certificate into the java environment keystore as follows:
‎cd $MM_HOME/jre/lib/security
‎mv jssecacerts jssecacerts.old
‎$MM_HOME/bin/keytool -importkeystore -srckeystore YourSelfSignedCertificate -keystore jssecacerts
‎$MM_HOME/RestartServerApplication.sh (or RestartServerService.bat on Windows)
‎Note that the above import steps have to be repeated for the self signed certificate of every remote servers.