Enabling SSL for client and internal connections

Build Forge components are set up by default to use certain ports and security settings when SSL is enabled.

To enable SSL connections from clients to Build Forge and among Build Forge internal components, do the following in exactly the order specified:

Once the system is proven to work with the default settings, you may edit the properties that affect SSL.
Note: If you want to have clients use SSL but do not want to use SSL between internal clients (web interface component and engine component) and the services layer component, do the following:
  • Edit the BFClient.conf file manually. It is in <bfinstall>.
  • Change the bf_services_preferred_protocol setting tcp.
    bf_services_preferred_protocol to tcp

This configuration improves performance at minimum security risk if the Build Forge host is physically secured.

Re-enabling TCP communications on a locked system

If there is a misconfiguration in SSL, the system locks you out.

To get access to a locked system, do the following:

You should be able to log in.

Note: Changing the protocol does not disable secure login authentication, which is enabled by default. Users are redirected to a secure connection that allows secure communication of login credentials to Build Forge.

Feedback