GitHubContribute in GitHub: Edit online

copyright: years: 2018, 2020 lastupdated: "2023-02-12"

Configuring TLS for the XSLD caching server

A highly available SMS Gateway environment might include an eXtreme Scale Liberty Deployment (XSLD) distributed caching server. You can secure connections between the XSLD instances and between the XSLD instances and SMS Gateway by configuring TLS encryption for the XSLD instances. (As of Version 1.0.6.0, the XSLD caching server is deprecated in favor of the Redis caching server.)

Important: If you enable TLS encryption, you must enable it individually for all XSLD instances. Each XSLD instance has a unique catalog endpoint.

  1. Create a keystore and truststore for XSLD. For detailed instructions, see Creating a keystore and a truststore.

    Important: If you previously configured SSL or TLS encryption for connections to Watson Assistant and the SMS provider, add the certificates to the existing store files. For more information, see Configuring SSL and TLS encryption.

  2. Upload the stores and configure TLS settings for each XSLD instance from the XSLD Admin Console.

    1. List the XSLD catalog endpoints by running the following command:

kubectl get pods -o wide | grep wxs | awk '{ print $7 }'

  {:codeblock}
  1. For each endpoint, go to the Admin Console at the following URL, where `endpoint` is the endpoint host name or IP:
  ```
https://<endpoint>:9443/wxsui/dashboard

{:codeblock}
1. Configure TLS for the endpoint as described in [Configuring TLS for a cache member group](https://www.ibm.com/support/knowledgecenter/SSTVLU_8.6.1/com.ibm.websphere.extremescale.doc/txsconfiguretlsxsld.html){:new_window}, but don't configure mutual authentication.

  1. Restart the XSLD pods.

    Note: If you have more than one catalog server endpoint, you must restart XSLD on at least two of the endpoints before they will completely initialize.

    1. Verify that the XSLD containers are running in the pods.

kubectl get pods

  {:codeblock}

  1. Get a shell to the containers in a pod.
  ```
kubectl exec -it <podName> bash

{:codeblock}
1. Change to the required directory.
```

cd /opt/ibm/WebSphere/eXtremeScale/wxs

  {:codeblock}
  1. Stop the XSLD servers by running the `stopXSLD.sh` script and following the instructions in the console.
  1. Start the XSLD servers by running the `startXSLD.sh` script and following the instructions in the console.
1. In the `deploy-sms-gateway/deploy.yaml` file for SMS Gateway, set the `XS_TRANSPORT_TYPE` environment variable to `SSL-Required`.