The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
– Oracle JDK 1.8.0_77 or higher update
– Open JDK 1.8.0_77 or higher update in the server.
– --user=adminuser --password=newscale
Note You must do the necessary changes if your username and password is changed.
Step 1 Create in the C:\SSL path, navigate to the directory and execute the following steps.
This creates a pair of server keys (private and public) and client keys.
a. Enter the following commands to create private keys for server (serverkey) and client (clientkey) respectively.
Note Ensure that the details entered for creating the private keys and public keys match for both client and server.
Note The default password used is secret for creating the keys. If you want to create a new password, then replace the word secret by the chosen password in rcjms.properties, integration-server.properties, and standalone-full.xml files.
Note Enter the IP address of the host machine when prompted for the first name and the last name.
b. Enter the following commands to export the keys into a certificate.
c. Enter the below commands to export public keys from certificates and import them into truststores.
d. Place the keystore and truststore files in the following locations:
Step 2 Edit the rcjms.properties in RequestCenter.war and integration-server.properties in ServiceLink.war.
a. In the Request Center file, edit the following variables under the rcjms.properties section:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
b. In the Service Link file, edit the following variables under integration-server.properties section:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
Step 3 Copy the attached https-users.properties and https-roles.properties in the following locations:
Step 4 Replace standalone-full-RC.xml by Standalone-full_RC_SQL.xml/Standalone-full_RC_Oracle.xml, and standalone-full-SL.xml by Standalone-full_SL_SQL.xml/Standalone-full_SL_Oracle.xml and place them in the following locations. Download these xml files from the location here .
Note You must modify the data source accordingly if the installation is oracle.
Rename the above files to standalone-full.xml and perform the following operations for Service Link Oracle:
a. Replace the IP_ADDRESS and DB_NAME with the IP address and the name of the database used by the customer.
b. Replace the IP_ADDRESS with the IP address of the machine where the application is installed.
Step 5 Add a dependency in the module file located in the following path: C:\Install_Dir\wildfly-8.2.0.Final\modules\system\layers\base\io\netty\main\module.xml
Step 6 Edit the newscale.properties and make sure that the isee.base.url variable is set to https://<ip-address>:6443.
Note You must use this Step 7 only for 11.1.
Step 7 Copy the following in startServiceCatalog.conf.cmd/startServiceCatalog.conf.sh:
Step 8 Clear the server logs and restart the Service Link followed by Request Center.
Step 1 Enter the below commands to create private key for standalone custom:
a. Enter the following commands to create private keys for server (server1key) and client (client1key) respectively on RC.
b. Enter the following commands to create private keys for server (server2key) and client (client2key) respectively on SL.
Step 2 Enter the below commands to export the keys into a certificate:
Step 3 Enter the below commands to export public keys from certificates and import them into truststores.
Copy the server2.crt from SL to RC (C:\SSL) before this command:
Copy the client1.crt from RC to SL(C:\SSL) before this command:
Step 4 Edit the rcjms.properties in RequestCenter.war (VM1) and integration-server.properties (VM2) in ServiceLink.war.
a. In the Request Center file, edit the following variables under the rcjms.properties section:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
b. In the Service Link file, edit the following variables under integration-server.properties section:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
Step 5 Copy the attached https-users.properties and https-roles.properties in the following locations:
Step 6 Replace standalone-full-RC.xml by Standalone-full_RC_SQL.xml/Standalone-full_RC_Oracle.xml and standalone-full-SL.xml by Standalone-full_SL_SQL.xml/Standalone-full_SL_Oracle.xml and place them in the following locations. Download these xml files from the location here .
Note You must modify the data source accordingly if the installation is oracle.
Rename the above files to standalone-full.xml and perform the following operations for Service Link Oracle:
a. Replace the IP_ADDRESS and DB_NAME with the IP address and the name of the database used by the customer.
b. Replace the IP_ADDRESS with the IP address of the machine where the application is installed.
Step 7 Add a dependency in the module file located in the following path: C:\Install_Dir\wildfly-8.2.0.Final\modules\system\layers\base\io\netty\main\module.xml
Note Perform the Step 5 to Step 7 for both VM1 and VM2.
Step 8 Edit the newscale.properties in VM1 and make sure that the isee.base.url variable is set to https://<ip-address>:6443.
Note You must use this Step 9 only for 11.1.
Step 9 Copy the following in startServiceCatalog.conf.cmd/startServiceCatalog.conf.sh:
Step 10 Clear the server logs and restart the Service Link followed by Request Center.
Step 1 Create in the C:\SSL path, navigate to the directory and execute the following steps.
This create a pair of server keys (private and public) and client keys.
Note Ensure that the details entered for creating the private keys and public keys match for both client and server.
Note The default password used is secret for creating the keys. If you want to create a new password, then replace the word secret by the chosen password in rcjms.properties, integration-server.properties, and domain.xml files.
Note Enter the IP address of the host machine when prompted for the first name and the last name.
a. Enter the following commands to create private keys for server (serverkey) and client (clientkey) respectively.
b. Enter the below commands to export the keys into a certificate.
c. Enter the below commands to export public keys from certificates and import them into truststores:
Copy server2.crt and client2.crt from VM2 to VM1.
Enter the below commands in VM1.
Copy server1.crt and client1.crt from VM1 to VM2.
Enter the below commands in VM2.
Step 2 Enter the path to client.keystore and client.truststore with the password and truststoretype.
Note For HC2, rename the physical files client2.keystore, client2.truststore, server2.keystore and server2.truststore with names same in VM1. This is because the binary gets deployed from VM1 to VM2, which will have the rcjms.properties
Enter the below code in startServiceCatalogCluster.conf.sh / startServiceCatalogCluster.conf.bat
Step 3 Make the following changes in /content/RequestCenter.war and /content/ISEE.war.
Then unzip the RequestCenter.war and ISEE.war in /INSTALL_DIR/dist to recreate the war files.
a. For RC in rcjms.properties and for SL in integrationserver.properties, enter the values as below:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
– Add the following entries in rcjms.properties and integrationserver.properties.
b. Edit the newscale.properties and make sure that the isee.base.url variable is set to https://<ip-address>:6443.
Step 4 Copy the https-users.properties and https-roles.properties which are attached in this page or else you can create your own by following the steps below.
a. Replace https-users.properties and https-roles.properties attached in the following location:
JBOSS_HOME/domain/configuration.
Note The JBOSS_HOME is the variable set by user in client VM.
Note To create a new or modify the existing username and password, perform the following step below.
b. Create the right HEX password in the https-user.properties file, created with httpRealm using the command below:
Step 5 Copy the jms credentials, admin credentials, HOST1 and HOST2 credentials to the https-user.properties in JBOSS_HOME/domain/configuration.
Step 6 Copy https-users.properties and https-roles.properties from JBOSS_HOME/domain/configuration to the following location:
Note You must modify the data source accordingly if the installation is oracle.
Step 7 Replace the domain.xml and hostva_backup.xml or hostva.xml with the attached 2VM_SQL_domain.xml/4VM_Oracle_domain.xml and 2VM_hostva_backup.xml for VM1. Also replace the host2_backup.xml or host2.xml in VM2 with the attached 2VM_host2_backup.xml. Download these xml files from the location here .
a. Replace the IP_ADDRESS and DB_NAME with the IP address and the name of the database used by the customer.
b. Replace the IP_ADDRESS with the IP address of the machine where the application is installed.
Step 8 Add a dependency in the module file located in the following path: <INSTALL_DIR>\wildfly-8.2.0.Final\modules\system\layers\base\io\netty\main\module.xml in both VM1 and VM2.
Step 9 Clear the server logs and restart the Service Link followed by Request Center.
Step 1 Create in the C:\SSL path, navigate to the directory and execute the following steps.
This creates a pair of server keys (private and public) and client keys.
a. Enter the following commands to create private keys for server (server.keystore) and client (client.keystore) respectively.
Note Ensure that the details entered for creating the private keys and public keys match for both client and server.
Note The default password used is secret for creating the keys. If you want to create a new password, then replace the word secret by the chosen password in rcjms.properties, integration-server.properties, and domain.xml files.
Note Enter the IP address of the host machine when prompted for the first name and the last name.
b. Enter the below commands to export the keys into a certificate.
For VM2 – (Host Controller - HOST1)
a. Enter the following commands to create private keys for server (server1.keystore) and client (client1.keystore) respectively.
Note Ensure that the details entered for creating the private keys and public keys match for both client and server.
Note The default password used is secret for creating the keys. If you want to create a new password, then replace the word secret by the chosen password in rcjms.properties, integration-server.properties, and domain.xml files.
Note Enter the IP address of the host machine when prompted for the first name and the last name.
b. Enter the below commands to export the keys into a certificate.
For VM3 – (Service Link - Standalone)
a. Enter the following commands to create private keys for server (serverSL.keystore) and client (clientSL.keystore) respectively.
Note Ensure that the details entered for creating the private keys and public keys match for both client and server.
Note The default password used is secret for creating the keys. If you want to create a new password, then replace the word secret by the chosen password in rcjms.properties, integration-server.properties, and domain.xml files.
Note Enter the IP address of the host machine when prompted for the first name and the last name.
b. Enter the following commands to export the keys into a certificate (serverSL.crt and clientSL.crt):
Step 2 Key generation for all VM's, to export public keys from certificates and import them into truststores.
a. Copy server.crt and client.crt from VM1 to VM2. Enter the below commands in VM2.
b. Copy serverSL.crt and clientSL.crt from VM3 to VM2. Enter the below commands in VM2.
c. Copy server1.crt and client1.crt from VM2 to VM1. Enter the below commands in VM1.
d. Copy server1.crt and client1.crt from VM2 to VM3. Enter the below commands in VM3.
e. Ensure that serverSL.crt and clientSL.crt is located in VM3. Enter the below commands in VM3.
Step 3 Place the keystore and truststore files in the following locations:
a. Copy the truststores and keystores of VM1 and VM2 in the following locations in the same machine:
b. Copy the truststores and keystores of VM3 in the following locations:
Step 4 Startup script Changes:
a. Add the following snippets in startServiceCatalogCluster.conf.cmd/startServiceCatalogCluster.conf.sh in VM1:
b. Copy the following in startServiceCatalogCluster.conf.cmd/startServiceCatalogCluster.conf.sh in VM2:
c. Copy the following in startServiceLink.conf.cmd/startServiceLink.conf.sh in VM3:
Step 5 Make the following changes in C:\4VM_SSL_Domain\wildfly-8.2.0.Final\bin\jboss-cli.xml in all VM's:
Note Replace the tag IP_ADDRESS in the below code snippet with the IP address of the respective VM:
Step 6 Copy the attached 4VM-https-roles.properties (as https-roles.properties) and 4VM-https-users.properties (as https-users.properties) in C:\4VM_SSL_Domain\wildfly-8.2.0.Final\domain\configuration in VM1 and VM2.
Step 7 Configuration File Changes:
a. Copy the attached 4VM_SQL_domain.xml/4VM_Oracle_domain.xml (as domain.xml) in VM1
– Replace the IP address (10.76.82.36 by default) with the IP address of VM1 in the <outbound-socket-binding name="remote-http"> section.
– Replace the IP address (10.76.82.36 by default) with the IP address of VM1 in the <interfaces> section.
– Replace the IP address (10.76.81.198 by default) and name of the database with the IP address of the machine (where database server is located) and the name of the currently used database in the <datasource jndi-name="java:/REQUESTCENTERDS" pool-name="REQUESTCENTERDS" enabled="true"> section.
b. Copy the attached 4VM_host_default.xml (as host_default.xml) in VM1
– Replace the IP address (10.76.82.36 by default) with the IP address of VM1 in the <interface name="unsecure"> section.
c. Copy the attached 4VM_host1_backup.xml (as host1.xml OR host1_backup.xml) in VM2 and make the following changes:
– Replace the IP address (10.76.82.38 by default) with the IP address of VM2 in the <interfaces> section.
– Replace the IP address (10.76.82.36 by default) with the IP address of VM1 in the <domain-controller> section.
d. Copy the attached 4VM-standalone-SL.xml (as standalone-full.xml) in VM3 and make the following change:
– Replace the IP address (10.76.82.37 by default) with the IP address of VM3 in the <outbound-socket-binding name="my-http"> section.
a. Make the following changes in the exploded version of RequestCenter.war in VM2:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
Replace the IP-ADDRESS with the IP address of VM3 and port 6443 in newscale.properties for the following key-value pair: isee.base.url=https://<IP-ADDRESS>:6443
b. Make the following changes in ServiceLink.war in the deployments directory of VM3:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
c. Make the following changes in VM1:
– Replace all occurrences of http-remoting with https-remoting.
– Replace all occurrences of port 6080 with port 6443.
Note Ignore the below information for enabling SSL on 11.1.
Note The CLIENT_KEYSTORE and CLIENT_TRUSTSTORE refer to the keys of VM1.
– Replace the IP-ADDRESS with the IP address of VM3 and port 6443 in newscale.properties for the following key-value pair: isee.base.url=https://<IP-ADDRESS>:6443
– Once the above changes are done, compress back RequestCenter.war and then run the deployment script. When running the deployment script, the user can select either to permanently accept the certificate or temporarily accept the certificate.
Step 9 Add the following dependency in the module file located in the following path: C:\Install_Dir\wildfly-8.2.0.Final\modules\system\layers\base\io\netty\main\module.xml in all VM's:
Step 10 Run jboss-cli.sh and permanently accept the certificate to set up 4VM cluster on Linux environment.
This section provides information for cluster setup for 11.1 fix only.
Note Replace the backward slash (\) with the forward slash (/)for Linux systems while executing the commands in the terminal.
Note The notations used are VM1 = DC, VM2 = SL, VM3 = HC1, VM4 = HC2.
Step 1 Enter the RequestCenter url of VM1 on Internet explorer browser of VM1.
Note Ensure that the 2 VM servers are up in the cluster.
Step 2 Select Continue to this website (not recommended) from the display window.
Step 3 Click Certificates in the bottom pane of the certification information window.
Step 4 Select Details tab of the display window and click Copy to File.
Step 5 Click Next in the certificate export wizard.
Step 6 Select DER encoded binary X.509.cer in Certificate export wizard.
Step 7 Click Copy to browse to the path where you want to export the certificate, for example:
Step 8 Enter the following command in VM1 from the JAVA_LOCATION\jdk\jre\bin directory to determine the entries in the cacerts file.
Step 9 Enter changeit as the keystore password.
Note Note the number of entries in the cacerts file and the size of the cacerts file.
Step 10 Add the server certificate by running the following command:
Note The Java Runtime Environment (JRE) doesn't know about the existence of the server certificate until it is added to its keystore.
Step 11 Enter changeit as the keystore password.
Step 12 Enter the following commands from the bin directory to determine the entries in the cacerts file.
Step 13 Enter changeit as the keystore password.
Note Verify the number of entries in the cacerts and the size of the cacerts file. The number of entries should be increased by 1 and the size of the cacerts file should be increased by 1KB.
This confirms that your private root certificate has been added to the extranet server cacerts keystore as a trusted certificate authority.
Copy the certificate from VM1 to VM2 and repeat the same procedure. For example:
Step 15 Now restart the server and perform the cluster operations.
You must perform the following to setup cluster for four VM. The serverSL.crt and clientSL.crt generated in VM2 are added to the cacerts file as follows:
Step 1 Enter the following command in the bin folder of java pointing to the current directory in Command Prompt:
Note You must use Terminal for Linux.
Step 2 Enter the following command and determine the entries in the cacerts file.
Enter the keystore password as changeit if prompted.
Note Note down the size of the file for verification purpose.
Step 3 Enter the following command to add the clientSL.crt to the cacerts file.
Note For example .crt file is available in the C:\SSL Directory.
Step 4 Enter the following command to add the serverSL.crt to the cacerts file.
Note For example .crt file is available in the C:\SSL Directory.
Step 5 Enter the following command and determine the entries in the cacerts file.
Enter the keystore password as changeit if prompted.
Note Verify the number of entries in the cacerts file is increased by a factor of 2. Also the size of the cacerts file is increased by 2KB.
Step 6 Copy the modified cacerts file from VM2 and replace it with the cacerts file of VM1, VM3 and VM4 in their respective locations.
Note You may keep backup of the cacerts file before replacing the modified cacerts file, if required.
Step 7 Restart all the servers and start the cluster by running the cluster scripts.
Step 1 Setup the 2 VM SSL enabled cluster, see Cluster Setup for Two VM .
Step 2 Start the servers on host1 and host2 and complete the deployment process
Step 3 Download and install the Apache httpd version 2.4.18 in a separate VM from that of the WildFly cluster, see https://www.apachehaus.com/cgi-bin/download.plx?dli=gWy82MONVWy0kej9SWYZFbJVlUGRVYSZ1YxIUN
Step 4 Enabling SSL on Apache on Windows.
– A copy of Apache that includes SSL support.
Note The Apache downloaded has the SSL support, don’t download any other module separately.
b. Copy the openssl.cnf file in openSSL into the directory C:\Apache\bin\.
Step 5 Create a Self-Signed Certificate.
Note The files created for the certificate has the same name with different extensions.
Note The name bob used in the example commands below can be replaced as needed.
a. To create a new certificate enter the following command in the command prompt after switching to the directory that contains OpenSSL, for example C:\Apache\bin\:
b. You would be prompted to answer a bunch of questions, the answers to which can all be left blank except for:
– PEM pass phrase: This is the password associated with the private key (bob.pem) that you are generating. This will only be used in the next step, you can make it anything you like.
– Common Name: This should be the fully-qualified domain name associated with this certificate, for example the IP addressed is used here.
When the command completes you should have a two files called bob.csr and bob.pem in your folder.
c. Create a non-password protected key for Apache to use:
You will be prompted for the password that you created above, after which a file called bob.key should appear in your folder.
d. To create an X.509 certificate, which Apache also requires:
e. The self-signed certificate that Apache can use to enable SSL is created, for example the file are added in the path:
Step 6 Replace C:\Apache24\conf\httpd.conf and C:\Apache24\conf\extra\httpd-ssl.conf in your local with the corresponding files attached in this page.
Note You can rename bob name with the name you have given for certificate/key.
Step 7 Replace the IP address based on your environment in both httpd.conf and httpd-ssl.conf.
Step 8 Enter the following command to start the Apache Httpd:
Step 9 Test with url https://<ip>/RequestCenter
Step 10 Enter the following to stop the Apache httpd webserver:
Step 11 For Linux environments, replace the files added in the attachments.
On enabling SSL on Wildfly Application Server in Standalone mode (Typical and Custom), incorporate the following changes to enable it work:
Step 1 Replace the following code snippet in standalone-full.xml in the path: C:\Installation Directory\wildfly-8.2.0.Final\ServiceCatalogServer\configuration\standalone-full.xml.
Step 2 Replace the following code snippet in standalone-full.xml in the path: C:\Installation Directory\wildfly-8.2.0.Final\ServiceLinkServer\configuration\standalone-full.xml.
Step 3 Set CONTROLLER_PORT variable to 9993 in stopServiceCatalog.cmd / stopServiceCatalog.sh.
Step 4 Set CONTROLLER_PORT variable to 7443 in stopServiceLink.cmd / stopServiceLink.sh.