Federation Manager Guide › Federation Manager System Administration › SSL Administration for the Apache Web Server and the UI › Deactivate SSL

Deactivate SSL

You can deactivate the SSL configuration if you no longer require SSL, for example, if back channel authentication is no longer required or you no longer want an SSL connection to the UI.

To deactivate SSL

1. Begin at the SSL Configuration dialog.
2. Click Deactivate in the Embedded web server or Administrative UI section.

   A confirmation prompt is displayed asking if you want to disable SSL.

3. Click Yes to complete the deactivation.
4. Restart the Federation Manager services, according to your operating environment.
   • Windows

     Use the Federation Manager stop and start shortcuts as follows:

     1. Start, All Programs, CA, FederationManager, Stop services
     2. Start, All Programs, CA, FederationManager, Start services
   • Solaris

     a. Open a command window.

     b. Run the following scripts:

     federation_mgr_home/fedmanager.sh stop

     federation_mgr_home/fedmanager.sh start

     When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

     Note: Do not stop and start the services as the root user. You must be a non-root user.

The SSL connection is no longer active and the SSL Configuration Status setting changes to Server cert signed by CA, SSL ready. The certificate and key files remain so you can re-enable SSL.

Update the Tomcat Key Store After Deactivating SSL for the UI

Deactivating SSL for the Federation Manager UI does not delete the corresponding key store file. If you change the UI SSL certificate for any reason, the certificate is not updated, which results in Federation Manager using the wrong certificate.

After you disable SSL from the UI, delete the tomcat.keystore file manually. This file is located in the following directory:

federation_mgr_home/secure-proxy/SSL/keys