IBM Support

Configure IBM Content Collector to use SSL to communicate with IBM FileNet P8.

Question & Answer


Question

How do I configure IBM Content Collector (ICC) to use SSL to communicate with IBM FileNet P8 for all components?

Cause

ICC communicates with P8 in several different components. Depending on the API used for the various components, P8 certificates need to be installed in multiple places.

Answer

Do the following steps to install P8 certificates. Depending on your business requirements, you may not use all of the components so some steps may not be necessary.

  • First obtain a P8 server certificate by accessing the P8 Content Engine ping page using this URL:

    • https://<ce_server>:<ssl_port>/FileNet/Engine

    From the browser, view the certificate and copy it to a file. Use it for later steps.
    Do not use the MTOM page as it may not produce the same certificate that ICC requires.

  • Perform this step if you are going to run ICC Initial Configuration to create new document classes in P8 object store.
    • To import the certificate, issue the following command, where ICCInstallDir is the directory of your Content Collector installation and P8CertificatFile is the certificate for the FileNet P8 server:

      • "ICCInstallDir\java\jre\bin\keytool.exe" -import -file P8CertificateFile 
      -keystore "      ICCInstallDir\java\jre\lib\security\cacerts" -alias afup8

    • At the password prompt, enter the password for the JRE keystore. (The default password is changeit.)
    • Enter y when asked whether to trust the certificate.
    • Run ICC Initial Configuration and you should then be able to validate the connection with P8 using SSL.
  • Perform this step if you are going to run task route archiving to P8:
  • Perform this step if you are going to retrieve, restore, or search for documents from P8:
    • Start ikeyman from ICC-install-directory\AFUWeb\ewas for the ICC embedded web application server.
    • In the ikeyman utility, select Key Database File > Open, and select PKCS12 as key database type.
    • In the Location field, specify the WAShome\profiles\profile name\config\cells\cell name\nodes\node name\trust.p12 file.
      Replace WAShomeprofile namecell name, and node name with the proper values of your web application server installation.
    • Click OK.
    • When prompted for a password, enter the password. Click OK. The default password is WebAS.
    • Under the Signer certificates list, click Add to add the P8 certificate.
    • Exit ikeyman utility and restart IBM Content Collector Web Application service.
    • For more details instructions, refer to this document:

      • http://www.ibm.com/support/knowledgecenter/SSAE9L_4.0.1/com.ibm.content.collector.doc_kc/installing/t_afu_establish_trust_relationship.dita?lang=en

[{"Product":{"code":"SSAE9L","label":"Content Collector"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"All Content Collector products","Platform":[{"code":"PF033","label":"Windows"}],"Version":"3.0;4.0;4.0.1;4.0.1.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21979016

Page Feedback