

Configure SSL

Use the following steps to configure SSL for a self-signed certificate or trusted certificate provider:

  1. To generate a self-signed certificate, from the command line, run the following command:
    $JAVA_HOME\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore keystore
    

    On UNIX, make sure that the directory in which you generate the keystore file has appropriate permissions.

    Note: For more details about specifying a different keystore file location, see the Tomcat documentation.

  2. Answer the prompts appropriately.

    Note: Both passwords should be the same.

    File 'keystore' is generated.

  3. Copy the generated keystore file to the following directory:
    Install_dir\config\
    
  4. Edit the server.xml file for your installation:

    For server installation, go to: Install_dir\product\ServerAndUI\plugins\catalina.start.osgi.config.fragment_1.0.0\conf.

    For web UI installation, go to: Install_dir\product\WebUI\plugins\catalina.start.osgi.config.fragment_1.0.0\conf.

  5. Edit the server.xml file located in the following directory:
    Install_dir\product\ServerAndUI\plugins\catalina.start.osgi.config.fragment_1.0.0\conf
    
    1. Uncomment the following SSL connector:
      <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
      
    2. Set the value of 'keystorePass' to the password used in Step 2:
      <Connector
       port="8443"
       scheme="https"
       secure="true"
       clientAuth="false"
       keystoreFile="${catalina.home}/config/keystore"
       keystorePass="<user defined password specified in keystore file>"
       sslProtocol="TLS"
       compression="2048" 
       compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css" 
       useSendfile="false"
       />
      

    Note: If you want to disable support for HTTP, comment out the connector in the '<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->' section of the 'server.xml' file.

  6. Restart CA Executive Insight.
  7. To access the CA Executive Insight web interface with SSL, use:
    https://hostname:8443/ or https://hostname:8443/admin/.
    

    Note: You can specify a port other than 8443 in the server.xml file.

Once SSL is up and functional with the self-signed certificate, you are ready to implement an official certificate provided by a Certificate Authority.
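The following Python check is an added example, not part of the product or its documentation. It audits a server.xml against the steps above: the SSL connector is active, the keystore attributes are set, the non-SSL 8080 connector is flagged if left enabled, and the keystore file permissions on UNIX are owner-only. The function names, the sample server.xml and the sample password are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: server.xml after step 5, with the 8080 connector left enabled.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             keystoreFile="${catalina.home}/config/keystore"
             keystorePass="constructed-sample-pass" sslProtocol="TLS"/>
</Service></Server>"""


def audit_connectors(server_xml_text):
    """Return findings for the <Connector> elements of a server.xml document."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:
        # A literal '<' in an attribute (the keystorePass placeholder pasted
        # unchanged) is invalid XML, so the whole file fails to parse.
        return [f"server.xml is not well-formed: {exc}"]
    findings = []
    # ElementTree skips comments, so a commented-out connector is not listed.
    connectors = list(root.iter("Connector"))
    tls = [c for c in connectors if c.get("scheme") == "https"]
    if not tls:
        findings.append("no active SSL connector (8443 block still commented out?)")
    for c in tls:
        if c.get("secure") != "true":
            findings.append(f"port {c.get('port')}: secure is not 'true'")
        if not c.get("keystoreFile") or not c.get("keystorePass"):
            findings.append(f"port {c.get('port')}: keystoreFile/keystorePass missing")
    for c in connectors:
        is_ajp = c.get("protocol", "").startswith("AJP")
        if not is_ajp and c.get("scheme", "http") == "http":
            findings.append(f"port {c.get('port')}: plain HTTP connector is still enabled")
    return findings


def keystore_mode_findings(path):
    """On UNIX, flag a keystore file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:o} grants access beyond the owner"]
    return []


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To audit a real installation, pass the contents of the edited server.xml to `audit_connectors` and the path of the copied keystore file to `keystore_mode_findings`.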