Configure SSL with a Self-Signed Certificate

Configuring CA Executive Insight › Use HTTPS for User Interface to Server Communication › Configure SSL with a Self-Signed Certificate

Configure SSL with a Self-Signed Certificate

Follow these steps:

To generate a self-signed certificate, from the command line, run the following command:
```
$JAVA_HOME\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore keystore
```
On UNIX, make sure that the directory in which you generate the keystore file has appropriate permissions.

Note: For more details about specifying a different keystore file location, see the Tomcat documentation.
Answer the prompts appropriately.
Note: Both passwords should be the same.

File 'keystore' is generated.
Copy the generated keystore file to the following directory:
```
Install_dir\config\
```

Edit the server.xml file located in the following directory:

Install_dir\product\ServerAndUI\plugins\catalina.start.osgi.config.fragment_1.0.0\ conf.

Uncomment the following SSL connector:

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

Modify value for 'keystorePass=' with password used in Step 2:

<Connector
 port="8443"
 scheme="https"
 secure="true"
 clientAuth="false"
 keystoreFile="${catalina.home}/config/keystore"
 keystorePass="<user defined password specified in keystore file>"
 sslProtocol="TLS"
 compression="2048" 
 compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css" 
 useSendfile="false"
 />

Note: If you want disable support for http comment the following connector '' section in the 'server.xml' file.

Restart CA Executive Insight.
To access the CA Executive Insight web interface with SSL, use:
```
https://hostname:8443/exec/ or https://hostname:8443/execDesktop/.
```
Note: You can specify a port other than 8443 in the server.xml file.

Once the SSL is up and functional with the self-signed certificate; you are ready to implement an official Certificate Authority provided certificate.