Securing Communications between ESCWA and Region Monitor and Control

A started enterprise server instance, or region, must have a Web Services and J2EE listener to enable a JSON interface for monitoring and controlling the live instance.

Communications between ESCWA and the region can be secured by configuring the Web Services and J2EE listener. See TLS Advanced Settings in the Listeners topic for more information.

ESCWA will communicate with the listener as a client and therefore requires TLS client configuration. Like COBOL web-service clients and Enterprise Server command-line utilities, ESCWA uses the Micro Focus Common Client (MFCC). This requires the MFCC configuration file mf-client.dat on the ESCWA host machine needs to be configured appropriately. See Micro Focus Common Client for more information.

Typically, you will need to set the "root" configuration item to point to a file containing the CA certificate(s) needed to verify the server certificate sent by your enterprise server instance.

• If your enterprise server instance uses a server certificate from a public CA, you can probably use the collection of public CA root and intermediate certificates supplied with the product, CARootCerts.pem.
• If your enterprise server instance uses a certificate generated by Demo CA, use the file entities/CAs/EC_CAcollection.pem from your Demo CA instance.
• For server certificates generated with an organizational CA, you will need a CA certificate collection from the CA administrator.

See Installing a Client Certificate for Enterprise Server for more information on configuration if your Web Services and J2EE listener requires a client certificate for TLS authentication.