When two cells have security enabled, such as Lightweight
Directory Access Protocol (LDAP), you must perform additional
steps so that these cells can communicate with each other.
Before you begin
You must be able to access the deployment manager for each
cell that you want to communicate.
About this task
You can add a signer certificate to the trust.p12 file,
allowing that cell to securely communicate with another cell. You
edit the trust.p12 file at the cell level for each cell, and then
run the bin/retrieveSigners.sh script in each cell. After you run
the script, the cells can communicate through Secure Sockets Layer
(SSL) connections.
Procedure
- Start the deployment manager for each cell.
- On each deployment manager, edit the deployment_manager_profile/properties/ssl.client.props file
to change the com.ibm.ssl.trustStore value to the cell-level default
trust store.
For example, change the line com.ibm.ssl.trustStore=${user.root}/etc/trust.p12 to com.ibm.ssl.trustStore=deployment_manager_profile/config/cells/cell_name/trust.p12.
Remember the original value. You change this value back to the
original value after you run the script.
- Run the bin/retrieveSigners.sh script
from the first cell, passing the information for the second cell
as arguments to the script.
For example:
retrieveSigners.sh CellDefaultTrustStore ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype SOAP -port 8879 -host seconddmgr.host.ibm.com
- On the first cell, edit the deployment_manager_profile/properties/ssl.client.props file
and change the value back to the original com.ibm.ssl.trustStore value.
- On the second deployment manager, check in the deployment_manager_profile/properties/ssl.client.props file
that the com.ibm.ssl.trustStore value is the cell-level default trust
store. Then run the bin/retrieveSigners.sh script
from the second cell, including information for the first cell.
- On the second cell, edit the deployment_manager_profile/properties/ssl.client.props file
and change the value back to the original com.ibm.ssl.trustStore value.
- Restart all of the cells that you are configuring or ensure
that all of the cells have been fully synchronized.
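The edit, run, and restore steps above can be wrapped so that the original com.ibm.ssl.trustStore value is put back even when the script fails or is interrupted. This is an added example, not IBM code; the function names, the backup file suffix, and the WCT_STORE variable are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code). Put the saved ssl.client.props back if it exists.
_wct_restore() {
    if [ -f "$_wct_backup" ]; then mv -f "$_wct_backup" "$_wct_props"; fi
}

# with_cell_truststore <ssl.client.props> <cell-level trust.p12> <command...>
# Points com.ibm.ssl.trustStore at the cell-level store, runs the command,
# then restores the original file and returns the command's exit status.
with_cell_truststore() {
    [ "$#" -ge 3 ] || { echo "usage: with_cell_truststore props store cmd..." >&2; return 2; }
    _wct_props=$1; _wct_store=$2; shift 2
    [ -f "$_wct_props" ] || { echo "no such file: $_wct_props" >&2; return 2; }
    grep -q '^com\.ibm\.ssl\.trustStore=' "$_wct_props" || {
        echo "com.ibm.ssl.trustStore is not set in $_wct_props" >&2; return 3; }

    _wct_backup="$_wct_props.orig.$$"
    cp -p "$_wct_props" "$_wct_backup" || return 4
    trap '_wct_restore' INT TERM HUP      # restore even if interrupted

    # Rewrite only the trustStore line. The path is passed through the
    # environment so '/', '&' and '\' in it need no escaping.
    WCT_STORE=$_wct_store awk '
        /^com\.ibm\.ssl\.trustStore=/ { print "com.ibm.ssl.trustStore=" ENVIRON["WCT_STORE"]; next }
        { print }' "$_wct_backup" > "$_wct_props" || { _wct_restore; trap - INT TERM HUP; return 5; }

    _wct_rc=0
    "$@" || _wct_rc=$?                    # e.g. retrieveSigners.sh ...
    _wct_restore
    trap - INT TERM HUP
    return "$_wct_rc"
}

# On the first cell (placeholder paths and the command are the page's own):
#   with_cell_truststore deployment_manager_profile/properties/ssl.client.props \
#     deployment_manager_profile/config/cells/cell_name/trust.p12 \
#     bin/retrieveSigners.sh CellDefaultTrustStore ClientDefaultTrustStore \
#       -autoAcceptBootstrapSigner -conntype SOAP -port 8879 -host seconddmgr.host.ibm.com
```

Because the example command passes -autoAcceptBootstrapSigner, the remote signer is added without a prompt, so compare the fingerprint of the retrieved signer with the certificate on the other cell's deployment manager before relying on the new trust.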
Results
The two cells can establish SSL connections with each other.