SSL is not enabled in DTP Enterprise Pack by default. You will need to enable SSL if you need to secure the data transported between applications in your infrastructure. If you are using an SSL-enabled reverse proxy server, you do not need to enable SSL for Parasoft applications (see Reverse Proxy Support).

To enable SSL, you must first obtain an authority-signed certificate (CA) from a provider, such as VeriSign, Symantec, or GlobalSign.

Do Not Use a Self-signed Certificate

 Unless you are implementing a reverse proxy infrastructure, only use authority-signed certificates when enabling SSL.

  1. If you have the CA, open the ssl.config.js file in an editor. This file is located in the <DTP_SERVICES>/shared directory.
  2. Change the value of the enabled property to true and set the options to use your certificate. The complete file path to the certificate files along with their file names must be entered in the options. See the node.js documentation for a complete list of options. If the certificate was created with a passphrase, then be sure to include it in your configuration.
    Sample configuration
    var fs = require('fs');
    module.exports = {
        enabled: true,
        options: {
            key: fs.readFileSync("/path/to/file/ssl-certificate-key.key"),
            cert: fs.readFileSync("/path/to/file/ssl-certificate-file.crt"),
            ca: fs.readFileSync("/path/to/file/ssl-certificate-chain.crt"),
            passphrase: "yourpassword"
        }
    };
  3. Save the file.

The same ports are used when SSL is enabled for DTP Enterprise Pack, but they will all use the HTTPS protocol. DTP Enterprise Pack will also use SSL-enabled ports to communicate with DTP. If you want to send data between DTP and Enterprise Pack applications over HTTPS, you must enable SSL for both systems to make sure they work properly.

If you enable SSL for Enterprise Pack, you must also enable SSL for the DTP interface (DTP APIs always run under SSL) so that Report Center and Extension Designer use the same protocol (HTTPS). If you disable SSL and are not using an SSL-enabled reverse proxy server, then passwords and other important information will transmit over the network unencrypted.

  • No labels