This is an optional step. If you want to be extra secure, configure your language servers to communicate with HTTPS.
You don't have to do this, but it's an extra precaution to prevent attacks from within your network. You might also secure internal communication if your language server and core server are both accessible over the internet. When you secure the communication between the language servers and the core server, they use the Transport Layer Security (TLS) protocol by default. This is the latest and most secure protocol.
To configure the language servers to communicate with HTTPS, follow these steps:
- Open your overlay of each language server properties file. %ACROLINX_CONFIGURATION_ROOT%/server/bin/ls-<NUMBER>.properties. The placeholder <NUMBER> is the number of each language server in the format ls-01, ls-02.
- In each file, update the properties like the following
coreServerEndpointUrl=https://<HOST_NAME>:<HOST_PORT>/internal endpointHost=<HOST_NAME> endpointProtocol=https
Replace the placeholder <HOST_NAME> with the fully qualified domain name on the certificate, not the machine name - otherwise the configuration won't work.
For example, if your server certificate is issued to “ouracrolinxserver.com" and you use the default port 8031, you would update the properties as follows:
coreServerEndpointUrl=https://ouracrolinxserver.com:8031/internal endpointHost=ouracrolinxserver.com endpointProtocol=https
- Save your changes and restart the language server.
When you restart the language server, it will automatically create a certificate and try to connect to the core server. The core server initially rejects this communication because it doesn't recognize the generated certificate. However, there's no need to worry, just proceed to the next step.
- Make a backup copy of your keystore file in <INSTALL_DIR>/server/bin.
- Import the generated certificate into the Java keystore for your language server. You'll find
your server certificate in the following directory:
Import the certificate with the Java keytool. You'll find this tool in the following directory:
If you use Windows, the path to your keytool might look like the following example:
If you use a Unix-based operating system, the path to your keytool might look like the following example:
Here are the commands to import the certificate:
cd <INSTALL_DIR>/bin/ <JAVA_HOME>/bin/keytool -importcert -file %ACROLINX_CONFIGURATION_ROOT%/server/certificates/own/<CERTIFICATE_NAME> -keystore <keystore_name> -alias ls-<NUMBER>
For example, if your certificate for language server 01 is called CN\=acroserver\,DC\=ls-01\,DC\=smarttech\,DC\=com.der and you run the Acrolinx Server on Linux, your commands might look like the following:
cd /home/acrolinx/.config/Acrolinx/server/bin /usr/java/default/bin/keytool -importcert -file /home/admin/.config/Acrolinx/ServerConfiguration5.2.0/server/certificates/own/CN\=acroserver\,DC\=ls-01\,DC\=smarttech\,DC\=com.der -keystore myKeystore -alias ls-01
You’ll be prompted to enter your keystore password and then asked "Trust this certificate?".
Type yes and press Enter.
- Restart the core server.
The core server should now recognize the secure connection from the language server.