Configuring public certificates and private keys for Process Server

When you use Application Integration processes and connections to connect to an SSL-enabled endpoint, you must have public certificates and/or private keys. You must import the public certificates and private keys for the processes and connections to the Secure Agent.
After configuring public certificates and private keys for Process Server, enable mutual authentication for Process Server.

Import public certificates and private keys for processes and connections

To connect to an SSL-enabled endpoint, such as a web service, queue, or a JDBC connection, you need a public certificate and/or a private key.
You must import the certificates to the Secure Agent machine where the process or connection is published in order for the process or connection to establish SSL-enabled connections to these endpoints.
To import the public certificates and/or private keys, perform the following steps:
  • For public certificates, place the cert file in the following location and restart the Secure Agent:
    <Secure Agent installation directory>/apps/process-engine/conf/certs
  • For private keys, import the keys to the ae.keystore file in the following location and restart the Secure Agent:
    <Secure Agent installation directory>/apps/process-engine/conf
You must import and place the public cert file in x509 format in the certs folder mentioned above. You must import the certificates and keys in the same locations to ensure ease of use and compatibility with upgrades.
Additionally, to import a secret private key within the Informatica Keystore, the secret key must have the same keystore format, that is, PKCS12 ".p12". For example, if the secret key is provided in the ".pfx" format, you must convert it to ".p12". You can verify this with the certificate provider.
To connect to the Secure Agent through the domain name and not the localhost, you can generate the certificate based on the domain name that you want to connect to and copy the certificate into the certs folder.

Enable mutual authentication for Process Server

After upgrading the Process Server with the latest package, enable mutual authentication for Process Server using one of the following methods:
  • Enable mutual authentication from Administrator.
  • Manually update the server.xml.mustache file.
To enable mutual authentication from Administrator, perform the following steps:
  1. In Administrator, select Runtime Environments.
  2. On the Runtime Environments page, click the name of the Secure Agent.
    You might have to expand the Secure Agent group to see the list of Secure Agents within the group.
  3. Click the Details tab.
  4. In the upper right corner, click Edit.
  5. Scroll down to the Custom Configuration Details area.
  6. If there are custom properties already configured, click the Add icon to add a new property row.
  7. Select the service as Process Server.
  8. Select the configuration property type as connectors.
  9. Enter the property name as https-clientAuth and the value as true as shown in the following image:
    [Image: the custom property https-clientAuth set to true to enable the mutual authentication for Process Server.]
  10. Click Save.
    The status of the Process Server service shows up as Restart Required.
  11. Restart the Process Server for the change to take effect.
To manually update the server.xml.mustache file, perform the following steps:
  1. Log in to the Secure Agent machine.
  2. Go to the following directory:
    <Secure Agent installation directory>/downloads/package-process-engine.<latest_version>/package/app/conf/
  3. Edit the server.xml.mustache file and change the value of the clientAuth property from want to true.
  4. Save the server.xml.mustache file.
  5. Restart the Secure Agent for the change to take effect.
The default keystore is ae.keystore and it is installed with a localhost certificate.
For more information about the Process Server keystore and truststore configurations, see the attachment in Knowledge Base article 611562.
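One way to check the manual server.xml.mustache edit across every installed package directory, as an added example rather than Informatica's own code. It assumes clientAuth is written as an XML attribute such as clientAuth="want"; the function names, verdict labels and sample template are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: the setting is an XML attribute, e.g. clientAuth="want".
CLIENT_AUTH_RE = re.compile(r"""\bclientAuth\s*=\s*(["'])(.*?)\1""")
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
# Relative path taken from the manual procedure on this page.
TEMPLATE_GLOB = "downloads/package-process-engine.*/package/app/conf/server.xml.mustache"

# Constructed sample template, not copied from a real Secure Agent.
SAMPLE = '''<Server>
  <!-- <Connector port="8443" clientAuth="false"/> -->
  <Connector port="{{https-port}}" SSLEnabled="true"
             clientAuth="want" sslProtocol="TLS"/>
  <Connector port="9443" SSLEnabled="true" clientAuth="true"/>
</Server>
'''

def audit_template(text):
    """Return (line_number, value, verdict) for each active clientAuth setting."""
    # Blank out XML comments but keep their newlines so line numbers stay right.
    text = COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), text)
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in CLIENT_AUTH_RE.finditer(line):
            value = match.group(2).strip()
            if "{{" in value:
                verdict = "TEMPLATED"      # filled in at render time; check the custom property
            elif value.lower() == "true":
                verdict = "REQUIRED"       # the value the procedure sets
            elif value.lower() == "want":
                verdict = "NOT_ENFORCED"   # the value the procedure replaces
            else:
                verdict = "UNEXPECTED"
            findings.append((lineno, value, verdict))
    return findings

def audit_install(agent_root):
    """Audit every package version under the Secure Agent installation directory."""
    return {str(path): audit_template(path.read_text(encoding="utf-8", errors="replace"))
            for path in sorted(Path(agent_root).glob(TEMPLATE_GLOB))}

if __name__ == "__main__":
    reports = audit_install(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": audit_template(SAMPLE)}
    for name, findings in reports.items():
        for lineno, value, verdict in findings or [(0, "-", "NO_CLIENTAUTH_FOUND")]:
            print(f"{name}:{lineno}: clientAuth={value!r} -> {verdict}")
```

Run it with the Secure Agent installation directory as the only argument; with no argument it audits the constructed sample.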
