Secure Connections to a Web Application Service

To protect data that is transmitted between a web application service and the browser, secure the connection between the web application service and the browser.
You can secure the following connections:
  • Connections to the Administrator tool. You can secure the connection between the Administrator tool and the browser.
  • Connections to web application services. You can secure the connection between the following web application services and the browser:

Requirements for Secure Connections to Web Application Services

Before you secure the connection to a web application service, ensure that the following requirements are met:
  • You created a certificate signing request (CSR) and private key. You can use keytool or OpenSSL to create the CSR and private key. If you use RSA encryption, you must use more than 512 bits.
  • You have a signed SSL certificate. The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate.
  • You imported the certificate into a keystore in JKS format. A keystore must contain only one certificate. If you use a unique certificate for each web application service, create a separate keystore for each certificate. Alternatively, you can use a shared certificate and keystore. If you use the installer-generated SSL certificate for the Administrator tool, you do not need to import the certificate into a keystore in JKS format.
  • The keystore is in an accessible directory. The keystore must be in a directory that is accessible to the Administrator tool and the command line programs.
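
The keystore requirements above, together with the default keystore password changeit that the service property descriptions on this page mention, can be checked before a keystore is handed to a service. The following Python code is an added example, not Informatica code: it parses the JKS container, lists its entries, and reports when the store holds more than one entry or when its integrity digest matches the default password. It assumes a version 2 JKS file and that "only one certificate" means one keystore entry; audit_jks and build_sample_jks are hypothetical names, and the sample keystore is constructed from placeholder bytes.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED

def _digest(body, password):
    # JKS integrity value: SHA-1(UTF-16BE password + "Mighty Aphrodite" + body)
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def audit_jks(data, default_password="changeit"):
    """List entries; flag a multi-entry store or one that opens with the page's default password."""
    body, stored, pos = data[:-20], data[-20:], 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated keystore")
        pos += n
        return body[pos - n:pos]
    u32 = lambda: struct.unpack(">I", take(4))[0]
    utf = lambda: take(struct.unpack(">H", take(2))[0]).decode("utf-8", "replace")
    if u32() != JKS_MAGIC or u32() != 2:
        raise ValueError("not a version 2 JKS keystore")
    entries, findings = [], []
    for _ in range(u32()):
        tag, alias = u32(), utf()
        if tag not in (1, 2):
            raise ValueError("unknown entry tag")
        take(8)                           # creation timestamp
        if tag == 1:
            take(u32())                   # protected private key blob
        chain = u32() if tag == 1 else 1  # tag 2 holds one trusted certificate
        for _ in range(chain):
            utf()                         # certificate type, e.g. "X.509"
            take(u32())                   # encoded certificate
        entries.append((alias, "key" if tag == 1 else "trusted-cert", chain))
    if len(entries) != 1:                 # assumption: "one certificate" = one entry
        findings.append(f"{len(entries)} entries; expected exactly one")
    if stored == _digest(body, default_password):
        findings.append("store password is the default")
    return {"entries": entries, "findings": findings}

def build_sample_jks(aliases, password):
    """Constructed test input: key entries holding placeholder bytes, not real keys."""
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">III", JKS_MAGIC, 2, len(aliases))
    for alias in aliases:  # tag 1, alias, timestamp 0, 3-byte key, chain of one cert
        body += struct.pack(">I", 1) + utf(alias) + struct.pack(">QI3sI", 0, 3, b"key", 1)
        body += utf("X.509") + struct.pack(">I4s", 4, b"cert")
    return body + _digest(body, password)
```

To audit a real file, pass its bytes to audit_jks, for example audit_jks(open(path, "rb").read()), and treat a non-empty findings list as a reason to rebuild the keystore before configuring the service.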

Enabling Secure Connections to the Administrator Tool

After installation, you can configure secure connections to the Administrator tool from the command line.
You must update the gateway nodes in the domain with the properties for a secure connection between the browser and the Informatica Administrator service.
To update the gateway node with secure connection properties, run the following command: infasetup UpdateGatewayNode
Include the following options:

| Option | Argument | Description |
| --- | --- | --- |
| -HttpsPort / -hs | AdminConsole_https_port | Port number to use for a secure connection to the Informatica Administrator service. |
| -KeystoreFile / -kf | AdminConsole_Keystore_File | Path and file name of the keystore file to use for the HTTPS connection to the Informatica Administrator service. |
| -KeystorePass / -kp | AdminConsole_Keystore_Password | Password for the keystore file. |

If you have multiple gateway nodes in the domain, run the command on each gateway node.

Informatica Web Application Services

Configure a secure connection for a web application service when you create or configure it. Each application service has specific properties for the secure HTTPS connection.

Security for the Analyst Tool

When you create the Analyst Service, you can configure the secure HTTPS properties for the Analyst tool.
To secure the connection between the browser and the Analyst Service, configure the following Analyst Service properties:

| Property | Description |
| --- | --- |
| Enable Secure Communication | Select to enable a secure connection between the Analyst tool and the Analyst Service. |
| HTTPS Port | Port number that the Informatica Analyst web application runs on when you enable the Transport Layer Security (TLS) protocol. Use a different port number than the HTTP port number. |
| Keystore File | Directory where the keystore file that contains the digital certificates is stored. |
| Keystore Password | Plain-text password for the keystore file. If this property is not set, the Analyst Service uses the default password changeit. |
| SSL Protocol | Informatica recommends that you leave this field blank. The version of TLS enabled depends on the value. A blank field enables the highest version of TLS available. If you enter a value, earlier versions of TLS might be enabled. The behavior is based on the Java version for your environment. For more information, see the documentation for your Java version. |

Security for REST Operations Hub Service

When you use the REST Operations Hub Service, you can configure the secure HTTPS properties for the REST Operations Hub.
To secure the connection between the browser and the REST Operations Hub Service, configure the following REST Operations Hub Service properties:

| Property | Description |
| --- | --- |
| HTTP Port | Unique HTTP port number for the REST Operations Hub Service process when the service uses the HTTP protocol. Default is 6555. |
| HTTPS Port | Port number that the REST Operations Hub Service runs on when you enable the Transport Layer Security (TLS) protocol. Use a different port number than the HTTP port number. |
| Enable Transport Layer Security | Select to enable a secure connection between the REST Operations Hub Service and REST client. |
| Keystore File | Directory where the keystore file that contains the digital certificates is stored. |
| Keystore Password | Plain-text password for the keystore file. If this property is not set, the REST Operations Hub Service uses the default password. |
| SSL Protocol | A blank field enables the highest version of TLS available. The version of TLS enabled depends on the value. If you enter a value, earlier versions of TLS might be enabled. The behavior is based on the Java version for your environment. For more information, see the documentation for your Java version. |

Security for the Web Services Hub Console

When you create the Web Services Hub Service, you can configure the secure HTTPS properties for the Web Services Hub console.
To secure the connection between the browser and the Web Services Hub Service, configure the following Web Services Hub Service properties:

| Property | Description |
| --- | --- |
| URLScheme | Indicates the security protocol that you configure for the Web Services Hub: HTTP (run the Web Services Hub on HTTP only); HTTPS (run the Web Services Hub on HTTPS only); HTTP and HTTPS (run the Web Services Hub in HTTP and HTTPS modes). |
| HubPortNumber (https) | Port number for the Web Services Hub on HTTPS. Appears when the URL scheme selected includes HTTPS. Required if you choose to run the Web Services Hub on HTTPS. Default is 7343. |
| Keystore File | Path and file name of the keystore file that contains the keys and certificates that are required for an HTTPS connection. |
| Keystore Password | Password for the keystore file. If this property is not set, the Web Services Hub uses the default password changeit. |

Security for Metadata Manager

When you create the Metadata Manager Service, you can configure the secure HTTPS properties for the Metadata Manager web application.
To secure the connection between the browser and the Metadata Manager Service, configure the following Metadata Manager Service properties:

| Property | Description |
| --- | --- |
| Enable Secure Sockets Layer | Indicates that you want to configure a secure connection for the Metadata Manager web application. Note: This property is displayed when you create a Metadata Manager Service. To secure the connection for an existing Metadata Manager Service, set the URL Scheme configuration property to HTTPS. |
| Port Number | Port number that the Metadata Manager application runs on. Default is 10250. |
| Keystore File | Keystore file that contains the keys and certificates required if you configure a secure connection for the Metadata Manager web application. Note: The Metadata Manager Service uses RSA encryption. Therefore, Informatica recommends that you use a security certificate that was generated with the RSA algorithm. |
| Keystore Password | Password for the keystore file. |