Hitachi

JP1 Version 12 JP1/Automatic Job Management System 3 - Definition Assistant Description, Operator's Guide and Reference


3.1.5 Setting up communication through SSL

JP1/AJS3 - Definition Assistant with the encrypted communication function enabled can connect to a JP1/AJS3 - Manager with the same function enabled. This subsection explains the settings for the encrypted communication function.

(1) Steps for setting up SSL communication

When JP1/AJS3 - Definition Assistant enables its encrypted communication function, it can connect to a JP1/AJS3 - Manager that has the encrypted communication function enabled.

To set up SSL communication:

  1. Obtain the root certificate (in PEM format) of the certificate authority that issued the server certificate for the destination JP1/AJS3 - Manager.

  2. Store the root certificate you obtained in the following folder:

    JP1/AJS3-Definition-Assistant-installation-path\conf\ssl\rootcer

  3. Set the CACERTIFICATEFILE environment settings parameter to the full path of the root certificate file you stored.

  4. Set the SSL-ENABLE environment settings parameter to 1.

  5. Restart JP1/AJS3 - Definition Assistant.

For details about the environment settings parameters, see 3.2 Environment settings parameters.

Note:
  • The encrypted communication function of JP1/AJS3 - Definition Assistant supports only TLS version 1.2 as an encryption protocol. The function does not support any other protocol or version.

(2) Unencrypted communication host settings file

If JP1/AJS3 - Definition Assistant with the encrypted communication function enabled connects to a JP1/AJS3 - Manager with the encrypted communication function disabled, create an unencrypted communication host settings file.

To create the file:

  1. Copy the file ajsda_nosslhost.conf.model to the folder shown below. This file is the model file for the unencrypted communication host settings file and is located in the same folder.

    JP1/AJS3-Definition-Assistant-installation-path\conf\ssl

  2. Rename the copied file to ajsda_nosslhost.conf.

    The file ajsda_nosslhost.conf acts as the unencrypted communication host settings file.

  3. Edit the unencrypted communication host settings file in a text editor.

    The unencrypted communication host settings file should have the following format:

    #Δ[NOT_ENCRYPTION_HOST_LIST]Δ#
    host-name-or-IP-address-of-JP1/AJS3-Manager-that-is-not-accessed-over-SSL
    host-name-or-IP-address-of-JP1/AJS3-Manager-that-is-not-accessed-over-SSL
    ...

Legend:

Δ: Indicates a space character.

JP1/AJS3 - Managers that are listed in the unencrypted communication host settings file are accessed by using clear text.

If the unencrypted communication host settings file is not created, JP1/AJS3 - Definition Assistant with the encrypted communication function enabled always communicates with JP1/AJS3 - Managers in a secure way.

Notes:
  • The host name of JP1/AJS3 - Manager is case-insensitive.

  • An IP address can also be specified in place of the host name of JP1/AJS3 - Manager.

  • No verification is performed to check whether the specified host name or IP address of JP1/AJS3 - Manager is valid.

  • Regular expressions cannot be used in the JP1/AJS3 - Manager host name. For example, you cannot specify the host name as a*, which indicates the "host name that starts with the letter a".

  • A line that starts with # is handled as a comment line.

  • The file can have a maximum of 1,024 lines, including comment lines and blank lines.

  • The specified host name or IP address of JP1/AJS3 - Manager can have a maximum length of 255 bytes.

  • The special host name * cannot be used, although it can be used in the unencrypted communication host settings file for JP1/AJS3 - View. If none of the destination JP1/AJS3 - Managers communicate over SSL, disable the encrypted communication function in JP1/AJS3 - Definition Assistant by using the environment settings parameter.
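
Because every entry in ajsda_nosslhost.conf exempts a Manager from TLS and the product does not validate entries, the file is worth checking before deployment. The following added example (not Hitachi code) applies the rules from the notes above and lists the Managers that will be reached in clear text. The function name audit_nosslhost, the trimming of surrounding whitespace, and counting the 255-byte limit in UTF-8 are assumptions of this example.

```python
MAX_LINES = 1024       # page: limit includes comment lines and blank lines
MAX_HOST_BYTES = 255   # page: limit per host name or IP address


def audit_nosslhost(text):
    """Return (cleartext_hosts, findings) for the text of ajsda_nosslhost.conf."""
    lines = text.splitlines()
    findings, hosts, seen = [], [], set()
    if len(lines) > MAX_LINES:
        findings.append(f"file has {len(lines)} lines, limit is {MAX_LINES}")
    for no, raw in enumerate(lines, 1):
        entry = raw.strip()  # assumption: surrounding whitespace is not significant
        if not entry or entry.startswith("#"):
            continue  # blank or comment line (the header line also starts with '#')
        if "*" in entry:
            findings.append(f"line {no}: wildcard not supported: {entry!r}")
            continue
        if len(entry.encode("utf-8")) > MAX_HOST_BYTES:  # assumption: UTF-8 bytes
            findings.append(f"line {no}: entry exceeds {MAX_HOST_BYTES} bytes")
            continue
        key = entry.lower()  # page: host names are case-insensitive
        if key in seen:
            findings.append(f"line {no}: duplicate of an earlier entry: {entry!r}")
            continue
        seen.add(key)
        hosts.append(key)
    return hosts, findings


# Constructed sample contents, not taken from a real deployment.
SAMPLE = """# [NOT_ENCRYPTION_HOST_LIST] #
legacy-mgr01.example.internal
LEGACY-MGR01.example.internal
192.0.2.15
a*
"""

if __name__ == "__main__":
    hosts, findings = audit_nosslhost(SAMPLE)
    print("Managers reached in clear text:", hosts)
    for finding in findings:
        print("finding:", finding)
```

Reviewing the returned host list against an approved exception list shows when a Manager has been moved to clear text without sign-off.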