Synchronizer management

Configure trust

Configure trust on the Synchronizer Service server when you need to connect to any other server over a secure channel.

  1. Obtain the certificate of the root and any intermediate Certificate Authority that issued the remote server certificate.

  2. Import each certificate into the java truststore using a keytool command. For example:

    cd $JAVA_HOME/bin
    ./keytool -import -trustcacerts -alias <CA> -keystore ../jre/lib/security/cacerts -file <path to the CA certificate file>

Configure a secure connection to the Synchronizer service

  1. Prepare a java keystore file with your server certificate, and copy it to the Synchronizer server.

    Make sure the user configured to run the Synchronizer service has access rights to this file.

  2. In the sync.yml configuration file fill in the properties httpsPort, keystorePath, and keystorePassword, as described in Synchronizer parameter reference.

  3. Restart the Synchronizer service for the changes to take effect.

    If the service does not start, check the wrapper.log file for errors.

To disable https, comment out the httpsPort property in the sync.yml file. and restart the service.

Running the Synchronizer service on OpenJRE

If running OpenJDK is not possible in your environment, you need to reconfigure the Synchronizer service.

  1. Within <sync_install_dir>/wrapper, edit the wrapper-common.conf file.

  2. Add a new line:

    wrapper.java.additional.<number>=-Dorg.apache.jasper.compiler.disablejsr199=true

    where <number> is the next line number that is available in the file.

    Example:

    wrapper.java.additional.43=-Dorg.apache.jasper.compiler.disablejsr199=true

  3. Restart the Synchronizer service.

Uninstall the Synchronizer

From /opt:

  1. Run /opt/sync/install/uninstall.sh

  2. Run rm –rf /opt/sync