
Configure Tomcat for TLS

Apache Tomcat is a third-party product, and the most accurate documentation comes from Apache itself. The definitive reference for configuring TLS in Tomcat is the "Apache Tomcat SSL/TLS Configuration HOW-TO"; use the "Apache Tomcat HTTP Connector Reference" to look up the configuration attributes that the HOW-TO uses. Other web tutorials describe the configuration step by step. Because attribute names and the recommended layout of the TLS connector have changed between Tomcat versions, find and follow the documentation for the version of Tomcat that ships with the release of CA Automation Point that you have installed.

In general, the TLS configuration tasks that you must accomplish for Tomcat are:

  1. Use the keytool program to create the keystore (server certificate and private key), the truststore (certificates of the clients or CAs you trust), and the certificates themselves, as required by your desired security configuration. Record the keystore and truststore passwords; Tomcat needs them in the next step.
  2. In Tomcat's conf/server.xml, locate the Connector element for port="8443". This is the TLS connector, and in the stock server.xml it is commented out, so uncomment it first. Specify the keystore file, keystore type, and keystore password. When using client certificate authentication, enable that option (clientAuth="true" on older Tomcat versions, certificateVerification="required" on the SSLHostConfig element in Tomcat 8.5 and later) and specify the truststore file, type, and password. Restart Tomcat after saving the file.
  3. Tomcat now serves your URIs both over TLS and over an unencrypted connection. Test the TLS connection by requesting URIs with the https scheme and port 8443 (this assumes that you retained the default TLS port of 8443), in the following format: https://localhost:8443/apwebsvc/YourDesiredApResource. A self-signed or private-CA certificate produces a trust warning in the browser or client until that certificate is imported into the client's trust store.
  4. Once the TLS connection tests successfully, disable (comment out) the unencrypted Connector element for port 8080 and restart Tomcat. Nothing then listens on port 8080, so Tomcat cannot serve any request over an unencrypted connection and clients must use the https URIs explicitly.

    Note: This procedure affects every application that is hosted under this particular Tomcat server, not only the CA Automation Point web services.
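The following server.xml fragment is an added example of steps 2 and 4, not configuration shipped with CA Automation Point or taken from the Apache documentation. It assumes PKCS12 keystore and truststore files named keystore.p12 and truststore.p12 in Tomcat's conf directory, the key alias tomcat, and the password changeit; replace these with the values you chose when running keytool. The first Connector uses the SSLHostConfig layout that Tomcat 8.5 and later recommend; the second shows the same settings as flat Connector attributes, which is the form older Tomcat 7 and 8.0 documentation uses and which Tomcat 8.5 and later report as deprecated. Use only one of the two, matching your Tomcat version.

```xml
<!-- Step 2: TLS connector on 8443 (Tomcat 8.5 and later layout).
     Path, alias, and password values below are assumptions for this example. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true">
    <!-- Restrict the protocol versions offered and require a client certificate
         that chains to a CA in the truststore. Use certificateVerification="none"
         if clients do not authenticate with certificates. -->
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3"
                   certificateVerification="required"
                   truststoreFile="${catalina.base}/conf/truststore.p12"
                   truststorePassword="changeit"
                   truststoreType="PKCS12">
        <!-- Server certificate and private key created with keytool in step 1. -->
        <Certificate certificateKeystoreFile="${catalina.base}/conf/keystore.p12"
                     certificateKeystorePassword="changeit"
                     certificateKeystoreType="PKCS12"
                     certificateKeyAlias="tomcat"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

<!-- Step 2, legacy form for Tomcat 7 / 8.0 documentation: the same settings as
     flat attributes on the Connector. Do not combine this with the block above. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           keystoreFile="${catalina.base}/conf/keystore.p12"
           keystorePass="changeit"
           keystoreType="PKCS12"
           keyAlias="tomcat"
           clientAuth="true"
           truststoreFile="${catalina.base}/conf/truststore.p12"
           truststorePass="changeit"
           truststoreType="PKCS12" />

<!-- Step 4: the unencrypted connector, disabled by commenting it out once the
     TLS connector has been tested. With this in place nothing listens on 8080.
<Connector port="8080"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
```

Two points a practitioner should check after editing the file. First, the keystore and truststore passwords appear in clear text in server.xml, so restrict read access to that file to the account Tomcat runs under. Second, the stock server.xml often contains an AJP Connector on port 8009 as well; it is outside the scope of these steps, but if it is enabled and not needed, comment it out for the same reason as the 8080 connector, since it also accepts unencrypted connections.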