Build Forge components are set up by default to use certain
ports and security settings when SSL is enabled.
To enable SSL connections from clients to Build Forge and among
Build Forge internal components, do the following in exactly the order
specified:
- In the console, go to .
- Set SSL Enabled to Yes. Several additional
properties are shown. Leave them set to the default. They can
be customized later if required.
- Click Save. The SSL configuration is saved
in the Build Forge database.
- Click Update Master BFClient.conf. The
SSL configuration is used to update the BFClient.conf file.
The settings must be in this file for Build Forge to use them.
- Stop Build Forge and restart. This is required.
Once the system is proven to work with the default settings, you
may edit the properties that affect SSL.
Note: If you want to have
clients use SSL but do not want to use SSL between internal clients
(web interface component and engine component) and the services layer
component, do the following:
This configuration improves performance at minimum security
risk if the Build Forge host is physically secured.
Re-enabling TCP communications on a locked system
If
there is a misconfiguration in SSL, the system locks you out.
To
get access to a locked system, do the following:
You should be able to log in.
Note: Changing the protocol
does not disable secure login authentication, which is enabled by
default. Users are redirected to a secure connection that allows secure
communication of login credentials to Build Forge.