Configuring the HTTPS Protocol to Connect with TA Client Manager

Note: Tidal recommends configuring the TA Client Manager to use SSL via the HTTPS protocol. If your environment is configured to use HTTP, skip this section.

For information about configuring the TA Client Manager to use HTTP or HTTPS protocols, refer to the Tidal Automation Installation Guide.

Obtain security certificates

From a Windows desktop, use the browser to obtain the security certificate for the TA Client Manager. Note that the procedure below can be implemented from your Windows desktop.

Only follow the instructions below if:

  • Your server certificate is self-signed (generated in-house).

  • Your server certificate is signed by a certification authority that is not trusted by the version of Java currently in use.

  • Your adapter connection fails (the error message unable to find valid certification path to requested target is displayed).

To obtain TA Client Manager target security certificates

  1. Open the browser and navigate to these URL (replacing servername and port as it applies to your environment): 

    https://<ClientManagerHost: ClientManagerPort>/

    where ClientManagerHost is the hostname of the machine where the Client Manager is the installed and the ClientManagerPort is the port on which the Client Manager is listening. A Security Alert message displays.

  2. Click View Certificate to open the Certificate dialog.

  3. Click Install Certificate.

  4. Click Next on the Certificate Import Wizard Welcome panel.

  5. Use the default option Automatically select the certificate store based on the type of certificate on the Certificate Store panel and click Next.

  6. Click Finish on the Completing Certificate Import Wizard panel.

    If a Security Warning message displays indicating that installation of a certificate from a certification authority is about to begin, click Yes to continue with the certificate installation. A message, The import was successful, appears.

  7. Click OK to close the message and return to the Certificate dialog.

  8. Click OK on the Certificate dialog.

Export security certificates

Note: The procedure describes the security certificates export process. This is an example only using the Internet Explorer® browser. If you wish to use a different browser, refer to the Tidal Automation Configuration Matrix for specific web browsers and browser versions supported. After you have obtained the security certificates for the target server, you must export them from the Internet Explorer cache to a local directory.

To export the cached certificates to a local directory:

  1. Create this directory C:\SolManCerts for the certificates on the local computer.

  2. Click Tools > Internet Options on Internet Explorer.

  3. Click the Content tab.

  4. Click Certificates on the Certificates area.

  5. Click the Trusted Root Certification Authorities tab to display the list of trusted certificates.

    Note: This list contains target server certificates obtained in the previous procedure (see Obtain security certificates).

  6. Locate the applicable certificates from the list.

  7. Perform this procedure for each target server certificate:

    1. Click the certificate and click Export to launch the Certificate Export wizard.

    2. Click next on the Welcome panel.

    3. Use the default option DER encoded binary X.509 (.CER) on the Export File Format panel and click Next.

    4. Enter the complete path to the SolmanCerts directory on the File To Export panel and a unique name for the certificate:

      C:\SolmanCerts

    5. Click Next.

    6. Click Finish to complete the export in the Completing the Certificate Export Wizard panel.

      A message, The export was successful is displayed. Click OK to close the message box.

  8. Click Close to exit the Certificates dialog after all target server certificates have been exported.

  9. Click OK to close the Internet Options dialog.

Import target server certificates into a Java keystore

To import certificates into a Java keystore

  1. Open a Windows Command Prompt window.

  2. Enter these commands to change the directory where certificates are stored:

    c:
    cd \SolManCerts

  3. Use the Java keytool utility to import a certificate. This syntax is used:

    keytool -import -file <certificate-filename> -alias <server-name> -keystore SolMan.keystore

    Example: C:\SolmanCerts -import -file servername.cer -alias servername -keystore Solman.keystore

  4. Enter a password at the prompt when prompted to create a password for the keystore. The keystore utility displays the certificate information.

  5. Enter Yes At the Trust this certificate [no] prompt and press Enter.

    The certificate is imported into the SolMan.keystore keystore to display the message Certificate was added to keystore.

  6. Repeat this procedure for each target server.

  7. Navigate to this folder where the adapter is installed and create a new directory named config:

    <install dir>\master\services\{A9B990D3-B8C4-413A-8D0E-8919A660DC81}\config

  8. Create a text file named service.props if the file does not already exist.

  9. Open the service.props text file and add this line:

    Keystore=c:\\SolManCerts\\SolMan.keystore

    Note: Pat attention to the use of escaped backslashes for Windows directories.

See Configuring service.props for information about general and adapter-specific properties that can be set to control things like logging and connection properties.

Note: This feature is effective only if the Master is running and you have configured HTTPS protocol by specifying the Keystore property in adapter's service.props.