devan05

CA DLP Tuesday Tip: Securing the iConsole with SSL

Discussion created by devan05 Employee on Oct 25, 2011
CA DLP Tuesday Tip for 25 October 2011 by Andrew Devine, Snr. Support Engineer

When installing the CA DLP iConsole application server and front-end Web server separately using the installation wizard, you must specify the TCP port used for communication between them. This defaults to port 80, but if required you can specify a non-default port at installation.

The following provides instructions for changing the application server or TCP port after installation.

To edit the registry on the front-end Web server:

1. On the host machine for the front-end Web server, locate the Web registry key.
2. In this registry key, you need to check the following registry value:

WebServiceMachine

This REG_SZ value specifies the name of the machine hosting the application server.

If this value is set to either LocalHost, or the name of the machine hosting the front-end Web server, the iConsole assumes that both components are hosted on the same machine.
If this value is not set to LocalHost or the name of the machine hosting the front-end Web server, you need to specify the name of the machine hosting the application server.

3. In the same registry key located in step 1, you need to configure the following registry value:

WebServicePort

This REG_SZ value defaults to 80. It specifies the TCP port used for communication between the front-end Web server and the application server.

a. Change this value to the TCP port number you want to use.

b. If you do change the TCP port, you must ensure that the application server is communicating on the same port. This can be checked using Internet Information Services (IIS).

c. If you are using SSL to communicate over a secure port (for example, 443), you need to configure the following registry value:

WebServiceUseSSL

This REG_DWORD registry value defaults to zero. Set this to 1 if you want the port used for communication between the front-end Web server and the application server to use SSL.

Note: If you are configuring IIS to use SSL (Secure Sockets on port 443) to establish secure communications between the front-end Web server and the back-end webservice server, the server certificate must be in the Fully Qualified Domain Name (FQDN) format of the machine hosting the webservice (application server), and this name must match the details entered in the "webservice" registry key. If the certificate name does not match, the iConsole displays the error "Webservice machine is currently unavailable".
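A check for the settings described above, as an added example that is not part of the original tip or of CA's tooling: it reads the three values from the Web key and, when WebServiceUseSSL is 1, confirms that the application server's certificate validates for the name stored in WebServiceMachine. The `$WebKey` path is a placeholder (the tip does not give the key's location) and the function name `Test-BackendCertificate` is hypothetical.

```powershell
# Added example (not CA code). $WebKey is a PLACEHOLDER: the tip does not give
# the location of the "Web" registry key, so supply it for your installation.
param([string]$WebKey = 'HKLM:\SOFTWARE\<path-to-Web-key>')

# Hypothetical helper: TLS handshake with default validation, which checks
# both chain trust and that the certificate name matches $Machine.
function Test-BackendCertificate {
    param([string]$Machine, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Machine, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Machine)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            "OK: '$($cert.Subject)' validates for $Machine (expires $($cert.NotAfter))"
        } catch {
            "FAIL: certificate did not validate for '$Machine': $($_.Exception.Message)"
        } finally {
            $ssl.Dispose()
        }
    } catch {
        "FAIL: cannot connect to ${Machine}:${Port}: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$cfg     = Get-ItemProperty -Path $WebKey -ErrorAction Stop
$machine = [string]$cfg.WebServiceMachine
$port    = [int]$cfg.WebServicePort        # REG_SZ, defaults to 80
$useSsl  = [int]$cfg.WebServiceUseSSL      # REG_DWORD, defaults to 0

"WebServiceMachine=$machine WebServicePort=$port WebServiceUseSSL=$useSsl"

if ($useSsl -ne 1) {
    "WARN: WebServiceUseSSL is $useSsl; front-end to application server traffic is not using SSL"
} else {
    if ($machine -notmatch '\.') {
        "WARN: '$machine' is not an FQDN; the certificate name must match this value"
    }
    Test-BackendCertificate -Machine $machine -Port $port
}
```

Run it on the front-end Web server so the handshake uses that machine's trust store and name resolution, which is what the iConsole itself relies on.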
