Change Lyris LM SOAP API from HTTP to HTTPS

Overview

You would like to switch your WSDL for ListManager from HTTP to HTTPS using strong 2,048-bit encryption and would like to know how to implement it.

Solution

By default, the ListManager SSL configuration file ...\ListManager\tclweb\bin\certs\openssl.conf is set for 1,024-bit encryption. To use 2,048-bit encryption, first modify this file, then generate a CSR and obtain your certificate, create the keyfile, and modify the lmcfg.txt configuration file.

Configure ListManager for 2,048-bit Encryption

  1. Using a text editor, edit the ...\tclweb\bin\certs\openssl.conf file

  2. Change default_bits=1024 to default_bits=2048

  3. Save the file

Generate a CSR (Certificate Signing Request)

  1. From a command line, navigate to your SSL directory ...\tclweb\bin\certs

  2. Enter: openssl req -new -nodes -keyout skey.pem -out public.csr -config openssl.conf

  3. You will be prompted for a passphrase and various data about your organization. If you wish, you can edit the openssl.conf file to provide default information for your organization, so you don't have to type it each time you create a certificate. DigiCert has an example for creating the certificate request.

  4. You will have generated two files: your public key for requesting a certificate (public.csr), and a private key (skey.pem). These files should be protected from the outside world.

  5. Submit the CSR file you created to a Certificate Authority (CA), for example, DigiCert.

    The certificate request should look something like

    -----BEGIN CERTIFICATE REQUEST-----
    ...
    -----END CERTIFICATE REQUEST-----

  6. Make a copy of the file you receive back from the certificate authority and name it server.pem

  7. Copy the server.pem and skey.pem (from Step 4 above) to the ListManager ...\tclweb\bin\certs directory.

Create the Keyfile

This file is a combination of the server.pem and skey.pem files and must be in the ...\tclweb\bin\certs directory.

  1. Using a text editor, create a new text file in the ...\tclweb\bin\certs directory called server-skey.pem

  2. Copy the contents of server.pem and skey.pem into the file. Example:
    -----BEGIN CERTIFICATE-----
    MIIGCzCCA/OgAwIBAgIJAJe7KBfGTi4rMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD
    ...
    ...
    ...
    pWOgCvz+qXf748HtS3nL
    -----END CERTIFICATE-----
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIB08ZKuSV9Y8CAggA
    ...
    ...
    ...
    2hE=
    -----END ENCRYPTED PRIVATE KEY-----
  3. Save the file

Modify the lmcfg.txt Configuration File

  1. Use a text editor to edit the ...\ListManager\lmcfg.txt config file

  2. Add the following lines:
    $soap_https_enabled="true";
    $soap_https_keyfile="C:\Program Files (x86)\ListManager\tclweb\bin\certs\server-skey.pem";
    $soap_https_keyfile_password="";
    $soap_https_server_identification="httpsapi";

SOAP Parameters Additional Information

| Parameter | Information |
| --- | --- |
| $soap_https_enabled | Default is "false". If set to "false", the ListManager SOAP API uses unencrypted transmission (HTTP). If set to "true", it uses encrypted transmission (HTTPS). The $soap_https_keyfile, $soap_https_keyfile_password and $soap_https_server_identification parameters must be set correctly for this feature to work. |
| $soap_https_keyfile | Path to the PEM file containing the private key and the certificate used for encrypted transmission by the ListManager SOAP API ($soap_https_enabled). |
| $soap_https_keyfile_password | Password of the PEM file ($soap_https_keyfile) containing the private key and the certificate. Use $soap_https_keyfile_password=""; if no password is needed. |
| $soap_https_server_identification | Server identification (must be a unique name) of the SSL session cache for the ListManager SOAP API ($soap_https_enabled). |
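
A pre-flight check for the two files this procedure produces, added here as an example (it is not Lyris code): it reads the $soap_https_* lines from lmcfg.txt and the PEM blocks from server-skey.pem and reports mismatches, such as an encrypted private key paired with an empty $soap_https_keyfile_password. The function names, regular expressions and sample data are constructed for illustration, and the checks are inferred from the parameter descriptions above; how ListManager itself reacts to each mismatch is not stated on this page.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)
CFG_RE = re.compile(r'^\s*\$(soap_https_\w+)\s*=\s*"(.*)"\s*;', re.M)

def key_is_encrypted(label, body):
    # PKCS#8 says so in the label; traditional keys use a Proc-Type header.
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body

def check_soap_https(cfg_text, keyfile_text):
    """Return a list of problems in an lmcfg.txt / server-skey.pem pair."""
    cfg = dict(CFG_RE.findall(cfg_text))
    problems = []
    if cfg.get("soap_https_enabled") != "true":
        problems.append("soap_https_enabled is not true; SOAP API stays on HTTP")
    for name in ("soap_https_keyfile", "soap_https_server_identification"):
        if not cfg.get(name):
            problems.append(name + " is missing or empty")
    blocks = PEM_RE.findall(keyfile_text)
    labels = [label for label, _ in blocks]
    if "CERTIFICATE REQUEST" in labels:
        problems.append("keyfile holds the CSR; it needs the CA-issued certificate")
    if "CERTIFICATE" not in labels:
        problems.append("keyfile has no CERTIFICATE block")
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append("expected exactly one private key, found %d" % len(keys))
    for label, body in keys:
        if key_is_encrypted(label, body) and not cfg.get("soap_https_keyfile_password"):
            problems.append("private key is encrypted but the password is empty")
    for body in (b for l, b in blocks if l == "CERTIFICATE"):
        try:  # a text-editor paste can truncate or mangle the base64 body
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("CERTIFICATE block is not valid base64")
    return problems

# Constructed sample input: placeholder bytes, not real certificate or key data.
B64 = base64.b64encode(b"constructed placeholder, not real DER").decode()
def pem(label):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, B64, label)
SAMPLE_KEYFILE = pem("CERTIFICATE") + pem("ENCRYPTED PRIVATE KEY")
SAMPLE_CFG = r'''
$soap_https_enabled="true";
$soap_https_keyfile="C:\Program Files (x86)\ListManager\tclweb\bin\certs\server-skey.pem";
$soap_https_keyfile_password="";
$soap_https_server_identification="httpsapi";
'''
print(check_soap_https(SAMPLE_CFG, SAMPLE_KEYFILE))
```

An empty list means the pair is consistent; the check does not confirm that the certificate belongs to the private key or that the key is 2,048 bits.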

Testing

  1. After all parts of the Solution have been completed, the SOAP API can be accessed over port 82, as in this example: http://subdomain.domain.com:82, where the 'subdomain.domain.com' is your actual ListManager URL.

Priyanka Bhotika