Links may not function; however, this content may be relevant to outdated versions of the product.
Enabling encrypted communication between nodes
Pega Platform™ supports encrypted communication between nodes. Encryption is useful when compliance rules require all intracluster communication to be encrypted, such as when working under HIPAA regulations.
Enabling encryption involves the following high-level steps:
- Create the keystore and truststore files
- Upload the keystore and truststore files into the Pega Platform
- Enable encryption
- Restart all nodes in the cluster
Creating the keystore.jks and truststore.jks files
If you already have a self-signed certificate (SSL), go to step 2.
- Create a self-signed certificate by entering the following command:
keytool -genkey -alias <alias> -keyalg RSA -keysize <enter size> -keypass <password> -keystore cluster-keystore.jks -storepass <password>
- Export the self-signed certificate so that it can be added to the truststore as the trusted certificate by entering the following command:
keytool -export -alias <alias> -file <certificate> -keystore cluster-keystore.jks -storepass <password>
- Create the cluster-truststore.jks file by entering the following command:
keytool -import -alias <alias> -file <certificate> -keystore cluster-truststore.jks -storepass <password>
Uploading the keystore and truststore files to the Pega Platform
By default, the file names are cluster-keystore.jks and cluster-truststore.jks. Change the file names by modifying the cluster/encryption/keystorename and cluster/encryption/truststorename prconfig.xml file settings, respectively. Upload the keystore and truststore files into the Pega Platform as instances of Data-Admin-Security-Keystore.
- In Dev Studio, click .
- Enter a short description.
- In the Keystore field, enter the keystore name.
- Click .
- Enter the keystore file type, either JKS or PKCS12.
- Enter the keystore password.
- Click and upload the actual keystore file, not the certificate.
- Click .
- Repeat this procedure to upload the truststore file.
Enabling encryption
Enable encryption by using the cluster/encryption/enabled Dynamic System Setting.
- Click + Create > SysAdmin > Dynamic System Settings.
- Enter a short description.
- Enter Pega-Engine in the Owning Ruleset field.
- Enter cluster/encryption/enabled in the Setting Purpose field.
- Click Create and open.
- On the Settings tab, enter true in the Value field.
- Click Save.
You can also enable encryption by setting cluster/encryption/enabled to true in the prconfig.xml file. An entry in the prconfig.xml file takes precedence over the Dynamic System Setting; the Dynamic System Setting applies only when the prconfig.xml file has no entry for this setting.
<env name="cluster/encryption/enabled" value="true" />
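The precedence rule above and the file-name defaults from the upload section can be checked per node before the restart. The following is an added example, not Pega code: the function names, node names, the `<pegarules>` wrapper in the constructed samples, and the case-insensitive reading of "true" are assumptions.

```python
import xml.etree.ElementTree as ET

# Default file names stated on this page.
DEFAULTS = {
    "cluster/encryption/keystorename": "cluster-keystore.jks",
    "cluster/encryption/truststorename": "cluster-truststore.jks",
}
ENABLED = "cluster/encryption/enabled"


def read_env(prconfig_text):
    """Return {name: value} for every <env> entry; ValueError on bad XML."""
    try:
        root = ET.fromstring(prconfig_text)
    except ET.ParseError as exc:
        raise ValueError(f"prconfig.xml is not well-formed: {exc}") from exc
    return {e.get("name"): e.get("value") for e in root.iter("env") if e.get("name")}


def effective_settings(prconfig_text, dss_enabled=None):
    """Resolve one node's settings; dss_enabled is the Dynamic System Setting
    value, or None if it was never created. A prconfig.xml entry wins."""
    env = read_env(prconfig_text)
    if ENABLED in env:
        raw, source = env[ENABLED], "prconfig.xml"
    else:
        raw, source = dss_enabled, "Dynamic System Setting"
    # Assumption: the value is compared case-insensitively against "true".
    enabled = (raw or "").strip().lower() == "true"
    result = {"enabled": enabled, "source": source if raw is not None else "unset"}
    for key, default in DEFAULTS.items():
        result[key.rsplit("/", 1)[1]] = env.get(key, default)
    return result


def audit(nodes, dss_enabled):
    """Return the names of nodes where encryption is not effectively enabled."""
    return sorted(name for name, text in nodes.items()
                  if not effective_settings(text, dss_enabled)["enabled"])


# Constructed sample files for two hypothetical nodes.
NODE_A = '<pegarules><env name="cluster/encryption/keystorename" value="a.jks" /></pegarules>'
NODE_B = '<pegarules><env name="cluster/encryption/enabled" value="false" /></pegarules>'

if __name__ == "__main__":
    print(audit({"node-a": NODE_A, "node-b": NODE_B}, dss_enabled="true"))
```

With the Dynamic System Setting set to true, node-b is still reported because its own prconfig.xml entry overrides it.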
Restarting nodes
After you complete all the preceding tasks, restart all nodes in the cluster.