SSL configuration

SSL (Secure Socket Layer) technology enables clients and servers to communicate securely by encrypting all communications. Data are encrypted before they are sent and decrypted by the recipient. This communication cannot be deciphered or modified by third parties.

IBM® UrbanCode Deploy enables the server to communicate with its agents and other servers via SSL in two modes: unauthenticated and mutual authentication. In unauthenticated mode, communication is encrypted but users do not have to authenticate or verify their credentials. IBM UrbanCode Deploy automatically uses this mode for JMS-based server/agent communication (you cannot turn this mode off). SSL unauthenticated mode can also be used for HTTP communication. You can implement this mode for HTTP communication during server/agent/agent relay installation, or activate it afterward, as explained below.

Important:

IBM UrbanCode Deploy automatically uses SSL in unauthenticated mode for JMS-based communications between the server and agents (JMS is the primary communication method for IBM UrbanCode Deploy). Because agent relays do not automatically activate SSL security, you must turn it on during relay installation or before you connect to the relay. Without SSL security active, agent relays cannot communicate with the server or remote agents.

In mutual authentication mode, servers, local agents, and agent relays each provide a digital certificate to one another. A digital certificate is a cryptographically signed document that is intended to assure others about the identity of the certificate's owner. IBM UrbanCode Deploy certificates are self-signed. When mutual authentication mode is active, IBM UrbanCode Deploy uses it for JMS-based communication among the server, local agents, and agent relays.

To activate this mode, the IBM UrbanCode Deploy server provides a digital certificate to each local agent and agent relay, and each local agent and agent relay provides one to the server. Agent relays, in addition to swapping certificates with the server, must swap certificates with the remote agents that use the relay. Remote agents do not have to swap certificates with the server, only with the agent relay they use to communicate with the server. This mode can be implemented during installation or activated afterward, as explained below.

Note: When you use mutual authentication mode, you must turn it on for the server, agents, and agent relays; otherwise, they cannot connect to one another. If one party uses mutual authentication mode, they all must use it.
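
The certificate exchanges and the all-or-nothing rule described above can be checked against an inventory before mutual authentication is turned on. The following is an added example, not IBM UrbanCode Deploy code; the node names and the inventory layout (which nodes have the mode on, and whose certificates each node has imported) are assumptions.

```python
"""Added example: audit a constructed inventory against the exchange rules above."""

def required_exchanges(server, local_agents, relays):
    """Return (holder, peer) pairs: holder must have imported peer's certificate.

    relays maps each agent relay to the remote agents that connect through it.
    """
    pairs = set()
    # The server swaps certificates with every local agent and agent relay.
    for peer in [*local_agents, *relays]:
        pairs |= {(server, peer), (peer, server)}
    # Each relay also swaps with the remote agents that use it. Those agents
    # do not exchange certificates with the server.
    for relay, remote_agents in relays.items():
        for agent in remote_agents:
            pairs |= {(relay, agent), (agent, relay)}
    return pairs

def audit(server, local_agents, relays, mutual_auth, trusted):
    """Return a list of problems: mixed modes and missing certificate imports.

    mutual_auth: node -> bool. trusted: node -> set of nodes whose certificate
    that node has imported. Both layouts are assumptions made for this example.
    """
    nodes = [server, *local_agents, *relays,
             *(a for agents in relays.values() for a in agents)]
    enabled = {n for n in nodes if mutual_auth.get(n, False)}
    if not enabled:
        return []  # mutual authentication is not in use anywhere
    problems = []
    off = sorted(set(nodes) - enabled)
    if off:
        problems.append("mutual authentication is off on: " + ", ".join(off))
    for holder, peer in sorted(required_exchanges(server, local_agents, relays)):
        if peer not in trusted.get(holder, set()):
            problems.append(f"{holder} has not imported the certificate of {peer}")
    return problems

# Constructed sample inventory (hypothetical node names).
SERVER, LOCAL_AGENTS = "server", ["agent-a"]
RELAYS = {"relay-1": ["agent-r1", "agent-r2"]}
MUTUAL_AUTH = {"server": True, "agent-a": True, "relay-1": True,
               "agent-r1": True, "agent-r2": False}
TRUSTED = {"server": {"agent-a", "relay-1"}, "agent-a": {"server"},
           "relay-1": {"server", "agent-r1"}, "agent-r1": {"relay-1"}}

if __name__ == "__main__":
    for line in audit(SERVER, LOCAL_AGENTS, RELAYS, MUTUAL_AUTH, TRUSTED):
        print(line)
```

In the sample inventory, agent-r2 is the one node with the mode off and the one missing exchange, so it is reported on both counts.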
