Set up SSL between Knowledge Discovery components

If you are using a unified configuration, you can enable SSL communication between Knowledge Discovery components. Set the SSLIDOLComponents parameter to True in the [Server] section.

You can configure Secure Socket Layer (SSL) connections for communication between the following components and other Knowledge Discovery components:

  • Agentstore

  • Category

  • Community

  • Content

  • Proxy

  • View

You can set SSLConfig in the following configuration sections for SSL communications between components:

  • [Server] to configure SSL communications for incoming ACI calls for all components.

  • [IndexServer] to configure incoming SSL communications to the Proxy component index port. This option implicitly includes any indexing components (such as Content).

  • [Service] to configure incoming SSL communications to the Proxy component service port.

  • [Agent] to configure outgoing SSL communications from the Category component to the Content component where the agent index is stored (Agentstore).

  • [AgentDRE] to configure outgoing SSL communications from Knowledge Discovery components to the Content component where the agent index is stored (Agentstore).

  • [CatDRE] to configure outgoing SSL communications from Knowledge Discovery components to the Content component where the category index is stored (Agentstore).

  • [DataDRE] to configure outgoing SSL communications from Knowledge Discovery components to the Content component where the data index is stored (Content).

NOTE: For SSL communication with the Agentstore component, you must also configure SSL settings in the Agentstore component configuration file.

For example:

[Server]
SSLConfig=SSLOptions1
...

[AgentDRE]
SSLConfig=SSLOptions2
...

[DataDRE]
SSLConfig=SSLOptions2
...

For Omni Group Servers:

[Note]
GroupServerHost=...
GroupServerPort=...
SSLConfig=SSLOptions2

[SSLOptions1]             //SSL options for incoming connections
SSLMethod=TLSV1.3
SSLCertificate=host1.crt
SSLPrivateKey=host1.key
SSLCACertificate=trusted.crt

[SSLOptions2]            //SSL options for outgoing connections
SSLMethod=TLSV1.3
SSLCertificate=host2.crt
SSLPrivateKey=9s7BxMjD2d3M3t7awt/J8A
SSLCACertificate=trusted.crt