Configuring SSL in EMAPI and EMAPI_CLI

This procedure describes how to configure SSL in EMAPI and EMAPI_CLI by creating a Keystore from Certificates using the JAVA keytool.

NOTE: Control-M/EM API has been deprecated. Use the Control-M Automation API instead.

NOTE: In this procedure it is assumed that the <password> is your stored password and the <keystore> is your keystore file name. If you have files other than .pem files you need to use openssl to convert file types.

Before you begin

Ensure that JAVA_HOME is defined.

To configure SSL:

1. Prepare all CA’s chain.pem files that are signed to your web server in the same directory.
2. Open a command line and use the installation cd to navigate to that directory.
3. For the root CA .pem file (such as <root> ) run the following command:

   %JAVA_HOME%\bin\keytool" -keystore <keystore> -storepass <password> -importcert  -noprompt -trustcacerts -file <root>

4. For other .pem files (such as <file> ) run the following command:

   %JAVA_HOME%\bin\keytool" -import -trustcacerts -alias <alias unique name> -file <file> -keystore <keystore>

5. Do one of the following:
   • EMAPI users: Go to your emapi directory and replace the emapi.keystore with the new <keystore> file under /keystore directory.
   • emapi_cli users: Create a new directory for emapi_cli and move your <keystore> file to that directory.
6. Update the following tags in your communication.xml file:
   • SSLCertDir tag with value of the directory where <keystore> is located.
   • SSLClientKeystoreFile tag with value of <keystore>
   • SSLClientPassPhrase tag with value of <password>

     NOTE: In case SSLClientPassPhrase tag is not set, the default behavior is to look for emapi_keystore.ini file under EMAPI_DIR directory.