Connecting Transformer 7 to Liberator over SSL

This page describes how to configure Transformer 7 to connect to Liberator over SSL/TLS.

Contents:

Activating Transformer’s SSL connection blade
Changing Transformer’s default SSL credentials

Activating Transformer’s SSL connection blade

From version 7, Transformer includes two configuration blades that package the configuration required to set up a connection to a Liberator:

TransformerToLiberatorConnection
TransformerToLiberatorSSLConnection

On deploying Transformer, the TransformerToLiberatorConnection blade is activated by default.

To configure Transformer to connect to Liberator over SSL/TLS, follow the steps below:

Shutdown Liberator and Transformer:
```
./dfw stop Liberator Transformer
```
Deactivate the TransformerToLiberatorConnection blade:
```
./dfw deactivate TransformerToLiberatorConnection
```
Activate the TransformerToLiberatorSSLConnection blade:
```
./dfw activate TransformerToLiberatorSSLConnection
```
If your Transformer is in a non-production environment and you want to use Liberator’s demo self-signed SSL credentials, then be aware that from version 7.1.0, the Deployment Framework (DFW) does not automatically deploy Liberator’s demo SSL credentials when deploying Liberator. To deploy the demo SSL credentials in DFW 7.1.0 and above, use the copy-ssl-demo-files command.
[Optional] By default, the configuration macros for Transformer’s SSL credentials are set to reuse Liberator’s SSL credentials. To specify separate SSL credentials for Transformer, see Changing Transformer’s default SSL credentials, below.
Restart Liberator and Transformer
```
./dfw start Liberator Transformer
```

Changing Transformer’s default SSL credentials

The TransformerToLiberatorSSLConnection blade uses the following environment macros to define Transformer’s SSL credentials and trusted certificate:

Environment macros defining Transformer’s SSL credentials
Macro	Default value
`TRANSFORMER${THIS_LEG}_SSL_PRESENT_CERTIFICATE`	`${SSLCERT_PATH}/rttpd_https.pem`
`TRANSFORMER${THIS_LEG}_SSL_PRIVATEKEY`	`${SSLCERT_PATH}/rttpd_https.key`
`TRANSFORMER${THIS_LEG}_SSL_PASSWORDFILE`	`${SSLCERT_PATH}/rttpd_https.pwd`

Environment macro defining the SSL certificate trusted by Transformer (Liberator’s certificate)
Macro	Default value
`TRANSFORMER${THIS_LEG}_SSL_ACCEPT_CERTIFICATE`	`${SSLCERT_PATH}/rttpd_https.pem`

As shown in the table above, by default the macros are assigned Liberator’s default SSL credential files for HTTPS: rttpd_https.pem, rttpd_https.key, and rttpd_https.pwd.

To use a different set of credential files for Transformer, supply your own overriding macro definitions in the file <framework_root>/global_config/environment.conf.

For example, if you generate transformer.pem, transformer.key, and transformer.pwd as new credential files for Transformer, then you would add the following macro definitions to the file global_config/environment.conf:

define TRANSFORMER${THIS_LEG}_SSL_PRESENT_CERTIFICATE  ${SSLCERT_PATH}/transformer.pem
define TRANSFORMER${THIS_LEG}_SSL_PRIVATEKEY           ${SSLCERT_PATH}/transformer.key
define TRANSFORMER${THIS_LEG}_SSL_PASSWORDFILE         ${SSLCERT_PATH}/transformer.pwd