Enabling and Disabling SSL

Turn secure sockets layer (SSL) on or off at the node or project level.

SSL is enabled for both nodes and projects by default.

When SSL is enabled at the project level, gateway communication is encrypted. Project-level SSL imposes no user requirements. When SSL is enabled at the node level, all incoming URLs must use HTTPS and URIs must use ESPS. For example, to enter the cluster administration tool’s interactive mode:
  • With SSL enabled: esp_cluster_admin --uri=esps://myhost:19011 --username=mylogin
  • With SSL disabled: esp_cluster_admin --uri=esp://myhost:19011 --username=mylogin
The SSL settings for both the node and the project level are in the cluster configuration file, <node-name>.xml.
  1. Open ESP_HOME/cluster/nodes/<node-name>/<node-name>.xml .
  2. To enable or disable SSL for the node, set the ssl attribute on the RPC|Port element to true (to enable) or false (to disable). For example:
    <Port ssl="false">19011</Port>
  3. To enable SSL for a project, set the ssl-key-file property on the project and ha_project ApplicationType elements in Controller|ApplicationTypes to point to the directory that holds the SSL files, ESP_HOME/cluster/keys/<cluster-name>. See the example at the end of this task.

    To disable SSL for a project, omit ssl-key-file or leave its value empty.

  4. To flag the project’s SSL files as encrypted so Event Stream Processor decrypts them at runtime, set the ssl-key-file-encrypted property to true on project and ha_project ApplicationType elements in Controller|ApplicationTypes. See the example at the end of this task.

    If you set ssl-key-file-encrypted to false when the SSL files are encrypted, or to true when the SSL files are not encrypted, the project does not run.

Example: SSL Properties in <node-name>.xml

This example shows SSL properties in the ApplicationTypes element, which is part of the Controller section of <node-name>.xml. The ApplicationType shown here is project. The only difference in an ha_project example would be to change project to ha_project in the second line: <ApplicationType name="ha_project" enabled="true">

<ApplicationTypes>
  <ApplicationType name="project" enabled="true">
    <Class>com.sybase.esp.cluster.plugins.apptypes.Project</Class> 
    <StandardStreamLog enabled="true" /> 
    <Properties>
      <Property name="esp-home">${ESP_HOME}</Property> 
      <Property name="hostname">${ESP_HOSTNAME}</Property> 
      <Property name="ld-preload">${ESP_HOME}/lib/libjsig.so</Property>
      <Property name="services-file">${ESP_HOME}/bin/service.xml</Property> 
      <Property name="base-directory">${ESP_HOME}/cluster/projects/Your-Cluster-Name</Property> 
      <Property name="ssl-key-file">${ESP_HOME}/cluster/keys/Your-Cluster-Name</Property> 
      <Property name="ssl-key-file-encrypted">true</Property>
    </Properties>
  </ApplicationType>
</ApplicationTypes>
Parent topic: Safeguarding Your Data
Related tasks
Encrypting SSL Files