
Configuring public certificates and private keys for Process Server

When you use Application Integration processes and connections to connect to an SSL-enabled endpoint, you must have public certificates and/or private keys. You must import the public certificates and private keys for the processes and connections to the Secure Agent.
After configuring public certificates and private keys for Process Server, enable mutual authentication for Process Server.

Import public certificates and private keys for processes and connections

To connect to an SSL-enabled endpoint, such as a web service, queue, or a JDBC connection, you need a public certificate and/or a private key.
You must import the certificates to the Secure Agent machine where the process or connection is published in order for the process or connection to establish SSL-enabled connections to these endpoints.
To import the public certificates and/or private keys, perform the following steps:
You must import and place the public certificate file in X.509 format in the certs folder mentioned above. You must import the certificates and keys in the same locations to ensure ease of use and compatibility with upgrades.
Additionally, to import a secret private key within the Informatica Keystore, the secret key must have the same keystore format, that is, PKCS12 ".p12". For example, if the secret key is provided in the ".pfx" format, you must convert it to ".p12". You can verify this with the certificate provider.
To connect to the Secure Agent through the domain name and not the localhost, you can generate the certificate based on the domain name that you want to connect to and copy the certificate into the certs folder.

Enable mutual authentication for Process Server

After upgrading the Process Server with the latest package, enable mutual authentication for Process Server using one of the following methods:
To enable mutual authentication from Administrator, perform the following steps:
  1. In Administrator, select Runtime Environments.
  2. On the Runtime Environments page, click the name of the Secure Agent.
     You might have to expand the Secure Agent group to see the list of Secure Agents within the group.
  3. Click the Details tab.
  4. In the upper right corner, click Edit.
  5. Scroll down to the Custom Configuration Details area.
  6. If there are custom properties already configured, click the Add icon to add a new property row.
  7. Select the service as Process Server.
  8. Select the configuration property type as connectors.
  9. Enter the property name as https-clientAuth and the value as true as shown in the following image:
     The image shows the custom property https-clientAuth set to true to enable the mutual authentication for Process Server.
  10. Click Save.
      The status of the Process Server service shows up as Restart Required.
  11. Restart the Process Server for the change to take effect.
To manually update the server.xml.mustache file, perform the following steps:
  1. Log in to the Secure Agent machine.
  2. Go to the following directory:
     <Secure Agent installation directory>/downloads/package-process-engine.<latest_version>/package/app/conf/
  3. Edit the server.xml.mustache file and change the value of the clientAuth property from want to true.
  4. Save the server.xml.mustache file.
  5. Restart the Secure Agent for the change to take effect.
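To confirm the manual edit above actually took, the following added example (not Informatica's code) audits the clientAuth value on each TLS connector in a server.xml.mustache file. It assumes Tomcat-style Connector elements, where want only requests a client certificate and true requires one; the sample template, its ports and the {{clientAuthSetting}} placeholder are constructed for illustration.

```python
import re

# Constructed sample, NOT the shipped server.xml.mustache: ports and the
# {{clientAuthSetting}} placeholder name are hypothetical.
SAMPLE = '''<Server>
  <Service name="Catalina">
    <Connector port="7080" protocol="HTTP/1.1" />
    <Connector port="7443" SSLEnabled="true" scheme="https"
               keystoreFile="ae.keystore" clientAuth="want" />
    <!-- <Connector port="9443" SSLEnabled="true" clientAuth="true" /> -->
    <Connector port="8443" SSLEnabled="true" scheme="https"
               clientAuth="{{clientAuthSetting}}" />
  </Service>
</Server>
'''

COMMENT = re.compile(r"<!--.*?-->", re.S)
# Quoted values may contain '>' so skip over them while finding the tag end.
CONNECTOR = re.compile(r'<Connector\b((?:[^>"]|"[^"]*")*)>')
ATTR = re.compile(r'([\w.:-]+)\s*=\s*"([^"]*)"')


def audit_client_auth(text):
    """Return (port, clientAuth value, verdict) for every TLS connector."""
    findings = []
    for match in CONNECTOR.finditer(COMMENT.sub("", text)):
        attrs = dict(ATTR.findall(match.group(1)))
        is_tls = (attrs.get("SSLEnabled", "").lower() == "true"
                  or attrs.get("scheme", "").lower() == "https")
        if not is_tls:
            continue  # plain HTTP connector, no client certificate handshake
        value = attrs.get("clientAuth")
        if value is not None and "{{" in value:
            verdict = "templated"      # resolved at render time, check the property
        elif value is not None and value.strip().lower() == "true":
            verdict = "enforced"       # handshake fails without a client certificate
        else:
            verdict = "not-enforced"   # want, false or absent: certificate optional
        findings.append((attrs.get("port", "?"), value, verdict))
    return findings


if __name__ == "__main__":
    for port, value, verdict in audit_client_auth(SAMPLE):
        print(f"port {port}: clientAuth={value!r} -> {verdict}")
```

Any connector reported as not-enforced still accepts clients that present no certificate, so mutual authentication is not in effect on that port.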
Note: The default keystore is ae.keystore and it is installed with a localhost certificate.
For more information about the Process Server keystore and truststore configurations, see the attachment in Knowledge Base article 611562.