Topics: |
Note: This functionality is applicable only to monitoring iWay Release 8.0.3 or higher servers.
When first installed, Sentinel and Envoy communicate over HTTP. To secure the communication with SSL, see How to Configure Sentinel for SSL and How to Configure Envoy for SSL.
Sentinel and Envoy can automatically detect when the iWay Service Manager console is secured with SSL. This does not require any special configuration in Sentinel and Envoy.
How to: |
The following procedures describe the steps for configuring Sentinel and Envoy security for SSL.
java -Dcom.ibi.spog.ssl.ignoreHostnameVerify -Djavax.net.ssl.trustStore=tsPath -Djavax.net.ssl.trustStorePassword=tsPassword -Djavax.net.ssl.trustStoreType=tsType -Djavax.net.ssl.keyStore=ksPath -Djavax.net.ssl.keyStorePassword=ksPassword -Djavax.net.ssl.keyStoreType=ksType -jar sentinel.jar -httpsPort=port -keyAlias=alias
where:
Is the absolute path to the truststore file.
Is the password of the truststore file.
Is the truststore file type, for example, JKS.
Is the absolute path to the keystore file.
Is the password of the keystore file.
Is the keystore file type, for example, PKCS12.
Is the HTTPS port, for example 8443.
Is the alias for the Sentinel private key entry in the keystore file.
If the Common Name (CN) of the Envoy certificate reflects the correct host name, you can enable host name verification by omitting the following option:
-Dcom.ibi.spog.ssl.ignoreHostnameVerify
https://localhost:8443
The Security Provider page opens, as shown in the following image.
The Keystore Definition pane opens, as shown in the following image.
The SSL Context Definition pane opens, as shown in the following image.
The Register Settings page opens.