System
Administrators
The Administrators page allows you to manage users with administrator privileges. Any changes are stored to the ivy.yaml file.
You need to specify an email address for administrators. The Axon Ivy Engine send notifications of critical events to the administrators, e.g., license violations.
Note
Changes to administrators will only take effect after you restart the engine.
System Database
In the System Database page you to manage the system database configuration. Any changes are stored in the ivy.yaml file.
Please refer to the Setup Wizard documentation on how to configure your engine’s system database.
Warning
Before you save your configurations, be sure you can connect to the database. Otherwise you may have problems when restarting the engine.
Note
Changes to system database will only take effect after you restarting the engine.
System Database Info
If you need information about your system database, click the Info button. The System Database Info page opens and shows Information about your database, driver, tables, triggers, and indices. You can see how much disk space the database, table, and indices use. The number of rows for tables and cardinality for indices gives you an idea of how much data is stored. The fragmentation gives you an indication if a reorganization of your database is recommended.
License
In the License view you can upload or renew a license. If you have a valid license you see a table with all information about it. On the right side you have a life overview of your active sessions with the ability to kill sessions.
Web Server
In the Web Server view, you can quickly change your Tomcat Connectors or reverse proxy server settings. There is also a data panel which shows you all the headers of the current request and how the engine generates some URLs.
You may also get some messages here. These appear if the URL of your browser and the external base URL or the configured base URL do not match. If this is the case please refer to how to properly set up a reverse proxy.
System Configuration
The System Configuration page displays an overview of all your engine configuration settings. Configurations in grey represent default values. If you want to edit an existing configuration, click on the Pencil button. Clicking More allows you to reset a configuration setting or view the complete configuration file.
Warning
Application configurations are not shown in this view. You can see application configuration settings on page Application Detail.
Note
For more information about the configuration, please refer to the Configuration section.
SSL Settings
The SSL Settings page allows you to configure SSL/TLS settings for client connections. You can configure a trust store and a key store as needed.
Trust Store
A trust store contains trusted certificates from servers and/or certification authorities. An SSL client uses these certificates to authenticate servers during the SSL/TLS handshake. If the server presents a certificate signed by a certification authority known to Java, the system trust store may suffice. For servers using self-signed or certification authority unknown certificates, a custom trust store is necessary, this custom store must include the server certificate or the unknown certification authority certificate.
- Trust Store Settings
The following settings configure the trust store for SSL/TLS client connections.
- Trust store file
Path to the file of the trust store.
- Trust store password
Password for accessing the trust store file.
- Trust store type
The format of the trust store (e.g., JKS or PKCS12). If empty the system default type (PKCS12) is used.
- Trust store provider
The security provider used to read the trust store. If empty the system default provider is used.
- Trust store algorithm
The algorithm used to read the trust store. If empty the system default algorithm is used.
Key Store
A key store contains the client’s private key and certificate. These are required for mTLS, when a server requests the client to prove its identity. The key store must contain both the private key and the corresponding public certificate.
- Key Store Settings
The following options configure the key store for SSL/TLS client connections.
- Use custom key store
If selected the key store configured below is used to read the client’s key. A client key is only necessary if the server requests SSL client authentication. If not selected the system keystore is used. The system keystore can be configured by setting the Java system property
javax.net.ssl.keyStore.- Key store file
Path to the file of the key store.
- Key store password
Password for accessing the key store file.
- Key password
Password used to decrypt the private key. Only a single key password can be defined, which means multiple keys with different passwords in the same keystore are not supported.
- Key store type
The type of the key store (e.g., JKS or PKCS12). If empty the system default type is used.
- Key store provider
The security provider used to read the key store. If empty the system default provider is used.
- Key store algorithm
The algorithm used to read the key store. If empty the system default algorithm is used.
Certificates Table
The certificate table displays all certificates in the selected key- or truststore:
Displays alias, subject, algorithm, and expiry date.
Shows whether each certificate is valid or invalid.
Hovering over the icon of the expiry date, provides details on certificate problems (e.g., expired certificate).
Displays whether the certificate is a private key or a public certificate.
You can add or delete certificates as required.
In the key store, it is also possible to import complete PKCS#12 (.p12) stores containing private and/or public certificates.
Other SSL Settings
- Enable insecure SSL and HTTPS connections
Manipulates the JVMs default SSLSocketFactory, so that untrusted (self signed or outdated) certificates are silently accepted. This could for instance be useful to generate a Webservice stub from an insecure WSDL location.
- Modification of certificates
Key and trust stores can also be created and modified (generating and importing certificates and keys) using a graphical key tool such as KeyStore Explorer or the key tool included in the Java Development Kit (JDK). More information can be found in the JDK documentation.
Note
The SSL Client trust- and key store settings are currently only considered when sending mails, for REST client calls, CXF Web Service client calls and when loading web service definition (WSDL) files.
TLS Connenction Tester
With the TLS Connection Tester you can test secure connections to WebServices (SOAP/REST) or active directories (LDAPS). This can be tested directly in the Engine-Cockpit next to the connection tester. Supported TLS standards are detected and reported. Currently trusted certificates are printed and untrusted certificates are reported.
Config File Editor
Configurations applied in the Engine Cockpit are stored in files. The Config File Editor lets you review and modify these configurations.
In the right upper corner, you can select the configuration file to be shown.
While editing our prominent YAML files, you have a rich set of authoring features at hand:
Validation: keys used within the YAML files are validated against the official schema. So invalid values are being blamed with a warning marker.
Completion: by pressing CTRL+Space the context completor helps you to identify and select valid configuration values or keys.
Help: by hovering over keys you get context-specific documentation right where you are editing.
Formatting: YAML content has strict formatting rules, and the editor takes care that whitespace indents are correct and in effect.
Note that all our text-based configuration files are editable, though the authoring features may be limited on some.
Cluster
If your engine runs with a Editions license, your are able to define a Cluster. The engine cockpit will provide a Cluster navigation menu item. It shows you an overview page of your running nodes and a detail view dialog if you click on one of these node.
