Secure Connections to URS or ORS
- Introduced in 8.5.211
By default, GMS connects to ORS and URS using HTTP. You can use HTTPS for these connections by following the steps below.
HTTPS Connection to URS
- Retrieve the URS certificate.
- Import this certificate in the Java keystore.
- The following command line imports the certificate in the default JDK keystore from JDK, that is, using the default java keystore password 'changeit'.
$ keytool -import -alias urscertificate -keystore /etc/pki/java/cacerts -file /security/urscertificate.crt -noprompt -storepass changeit
- Note that changeit is the default password provided during at Java installation.
- Configure the URS URL in GMS to point to the secured endpoint.
- The example below shows how to provision a GMS service for a given URS Agent statistic.
[service.agent-stat-proxy-https]
_caching_policy=5
_service=urs-stat
_type=builtin
_urs_stat_url_parameters=tenant=Environment&target=KSippola.A&json&ext
_urs_url=https://hosturs:443/urs/stat/targetstate
Testing the URS Connection
To test the URS connection, enter the following commands:
$ curl -k https://hosturs:443/urs/version
8.1.400.41
$ curl -k "https://hosturs:443/urs/stat/targetstate?tenant=Environment&target=KSippola.A&json&ext"
{
"status":0,"agent":"KSippola"
}
Testing your GMS connection to URS
To test the GMS connection to URS, enter the following commands:
$ curl "http://hostgms:8080/genesys/1/service/agent-stat-proxy-https"
{"agent":"KSippola","status":0}
In case of any issue while connecting to URS, the response would look like below:
$ curl "http://hostgms:8080/genesys/1/service/agent-stat-proxy-https"
{"exception":"java.io.IOException","message":"URSStatisticService: cannot submit to URS for any URL in 'service.agent-stat-proxy-https' section"}
HTTPS Connection to ORS
- Retrieve the ORS certificate.
- Import this certificate in the Java keystore.
- The following command line imports the certificate in the default JDK keystore from JDK, that is, using the default java keystore password 'changeit'.
$ keytool -import -alias orscertificate -keystore /etc/pki/java/cacerts -file /security/orscertificate.crt -noprompt -storepass changeit
- Configure the ORS URL in GMS to point to the secured endpoint.
[server]
_ors=https://<hostors>:8443
Testing your ORS connection
To test the ORS connection, enter the following commands:
$ curl -k https://hostors:8443/heartbeat
...
< HTTP/1.1 200 OK
< Server: GTS_CORE 2.0
< Content-Type: text/html;
< Cache-control: private
< Etag: 1560434146
< Content-length: 33
<
Node is operating in primary mode
Testing your GMS connection to ORS
To do so, create a callback through the Callback Service API or using the Callback UI.
This page was last edited on March 15, 2021, at 10:41.
Comments or questions about this documentation? Contact us for support!