The SSL tool is used to install an SSL certificate to a Prism server, or to revert from SSL secured to unsecured.
The SSL tool has been enhanced in Prism 2.0 by streaming the certificate and key files from a location on the computer used to run Tech Toolkit to the Prism server where it gets applied to that server. These could be the same computer, but they could be different computers. In past versions of the SSL tool the certificate and key files had to be located on the server computer that was to be secured with SSL.
This means it is possible to have certificates and key files for several servers located on a remote computer, for example, at an HQ computer where the certificates may have been created for each store in the enterprise. Then, from the HQ computer, install those certificates on each store computer remotely,
To use the SSL tool, then, the certificate and key files must be on the computer you are using to run Tech Toolkit. This could be the same computer as the server computer, but it doesn't have to be.
To install SSL certificates:
Browse to the location of the certificate file.
Browse to the location of the .pem file.
Click Update Prism Config.
Special Steps for Proxy Only Machines
Machines that have only the Proxy installed (no Prism Server, no DRS) require special consideration.
1. Install the certificate and the key files.
2. Click Update Prism. A confirmation is displayed, explaining that Apache and RabbitMQ must be stopped and then restarted.
3. Launch the Proxy using the desktop shortcut.
4. You will be prompted to enter the domain name for the certificate. Enter your company's domain name. Click OK. (If you don't enter the domain name, the connection will be insecure.)
SSL Manager check of Prism Components
The SSL Manager will detect which Prism components are on the machine: Prism Server, RabbitMQ, and/or the Prism Proxy. This is especially important when the machine in question is a "Proxy only" machine.
- If Prism Server is on the machine, the SSL Manager will modify the prism.conf file to apply the certificates.
- If RabbitMQ is installed, the SSL Manager will modify the rabbitmq.config file.
- If the Proxy is installed, the SSL Manager will apply the certificate file names to the Proxy.ini file.
Once the certificates are applied, the SSL Manager will alert the user to restart Apache or RabbitMQ as needed. If the proxy is being secured, that will also need a restart.
The CA cert is only required for configuring RabbitMQ. There is a RabbitMQ checkbox; if checked, this enables the CA Cert file to be applied. If unchecked, this field is disabled. If RabbitMQ is not installed, the checkbox and CA Cert fields are disabled automatically.