pp108 : Using OTDS with SSL

This topic describes the procedure for securing the communication between Process Platform and OTDS.

Introduction

Process Platform and OTDS share sensitive information such as secret keys. To prevent others from intercepting such information, it is advised to enable SSL (https://) on Process Platform and OTDS.

There is communication from Process Platform to OTDS when:

There is communication from OTDS to Process Platform when:

Securing communication from Process Platform to OTDS

If the OTDS Server is protected by SSL, the platform needs to trust the SSL certificate.

If the Certificate Authority used to sign the SSL certificate is not trusted by Process Platform, or if the certificate is self-signed, the certificate needs to be added to the Process Platform trust store. Follow the instructions in Adding a New Certificate to perform this action.

Securing communication from OTDS to Process Platform

If the platform webserver or load balancer is protected by SSL, the OTDS Server needs to trust the SSL certificate.
OTDS uses the standard Java trust store, hence adding the certificate to that trust store configures the trust between OTDS and Process Platform.

Follow the instructions of the JVM vendor to add a certificate to the trust store of the JVM.

For example:

keytool -import -trustcacerts -keystore "<<JAVA_HOME>>\jre\lib\security\cacerts" -storepass changeit -noprompt -alias mycert -file "<<full path to certificate file>>"
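
Because -noprompt skips keytool's interactive trust confirmation, the certificate's fingerprint is never shown before it lands in the trust store. The following added example (not part of the product documentation) checks the SHA-256 fingerprint against a value obtained out of band before running the same import. It assumes a POSIX shell, English keytool output, and hypothetical names for the script, the certificate file and the helper functions.

```shell
#!/bin/sh
# Added example (not from the product documentation): check a certificate's
# SHA-256 fingerprint against a value obtained out of band, then import it.

# Normalise a fingerprint: drop colons/whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeeds only if both fingerprints are non-empty and equal once normalised.
fp_matches() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Read `keytool -printcert` output on stdin, print the SHA256 fingerprint.
# Assumes English keytool output, where the line is labelled "SHA256:".
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Usage: verify_and_import <cert file> <expected SHA-256> <trust store path>
verify_and_import() {
    cert_file=$1; expected_fp=$2; keystore=$3
    actual_fp=$(keytool -printcert -file "$cert_file" | extract_sha256)
    if ! fp_matches "$actual_fp" "$expected_fp"; then
        echo "Fingerprint mismatch for $cert_file; not importing." >&2
        return 1
    fi
    # Same import as in the documentation (alias and password taken from it).
    keytool -import -trustcacerts -keystore "$keystore" -storepass changeit \
        -noprompt -alias mycert -file "$cert_file" || return 1
    # Confirm the entry is now present in the trust store.
    keytool -list -keystore "$keystore" -storepass changeit -alias mycert
}

# Run only when called with the three arguments, e.g. (hypothetical file names)
#   sh import_cert.sh platform.cer "<expected fingerprint>" "$JAVA_HOME/jre/lib/security/cacerts"
if [ "$#" -eq 3 ]; then
    verify_and_import "$@"
fi
```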