JVM parameters in FIS start script

HTTP(S)/SSL and key manager options

The following system properties for HTTPS can be set in the command line for the FIS call (Java):

  • Debugging the SSL Engine:

    -Djavax.net.debug=ssl

    • This option makes Java print very detailed information about the SSL handshake to standard output. It is very useful to trace and understand the authentication process.

  • Debug information for HTTPS generated by FIS true / false:

    -Dcom.tsystems.ima.fis.ssl.debug=false

    This option is especially useful in combination with -Djavax.net.debug=ssl because it adds the information about the SSL authentication process that is relevant from the application’s perspective. To fully understand and trace the authentication process, the two debug options should be used in combination. The default value is false.

  • Key manager usage:

    -Dcom.tsystems.ima.fis.ssl.useDefaultKeyManager=false

    By default (or when this option is set to false) FIS uses its own key manager to select the certificate. The FIS key manager always uses the private key defined in FIS.cfg to authenticate against the server. In contrast to the standard Java key manager (option set to true) the FIS key manager does not try to select a key to use automatically, which can be problematic with some certificates. The default value is false.

  • Enable/disable the ImageMaster SSL handler of FIS (for  HTTPS):

    -Dcom.tsystems.ima.fis.ssl.disableImaSsl=false

    Setting this option to “true” completely disables the FIS SSL handler and makes FIS use the standard Java SSL mechanisms only. When this option is set to “true”, all FIS SSL-specific options mentioned above are also disabled. It is recommended using the FIS handler (by the default parameter value “false”) because the standard Java SSL handler does not support certain key types properly.

HTTP connection tuning for high performance scenarios

To enable high performance scenarios, where a great number of documents have to be processed by FIS (e.g. an export of 500.000 documents with a parallelism level of 40) it must be ensured that the following HTTP connection parameters are set:

  • Make sure that the keepalive option is active (which is the default):

    -Dhttp.keepalive=true

  • Increase the maximum connections parameter (which is 5 by default). For example, in a scenario as described above with 500.000 documents and the parallelism level of 40 the value 100 is recommended:

    -Dhttp.maxConnections=100

For related details also see section ‘Avoiding error “noroutetohostexception” in high performance scenarios’.