Configure SSL on Tomcat

You can configure your system to use Secure Socket Layer (SSL) on a Tomcat web server.

To configure SSL on Tomcat

  1. From the command line, change directories to the JRE install location, and enter the following command:
    bin\keytool -genkey -alias tomcat -keyalg RSA
    

    A .keystore file is created by default in the home directory of the logged-in user. You can specify a different location during .keystore file generation. On UNIX, verify that the directory in which you generate the .keystore file has sufficient permissions for CA SDM access.

    Note: For more about specifying a different .keystore file location, see your Tomcat documentation.

  2. Answer the prompts appropriately. The default password is changeit.

    Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.

  3. Edit the server.xml file located in the NX_ROOT\bopcfg\www\CATALINA_BASE\conf directory as follows:
    <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="C:\Documents and Settings\user\.keystore"
                   keystorePass="password"/>
    
  4. Use the following commands to restart the Tomcat server:
    pdm_tomcat_nxd -c stop
    pdm_tomcat_nxd -c start
    
  5. To access the CA SDM web interface with SSL, use https://computer_name:8443/CAisd/pdmweb.exe. You can also derive the web services URL in a similar fashion.

    Note: You can specify a port other than 8443 in the server.xml file.

  6. View and install the SSL certificate to access CA SDM.

    The system is configured to use Secure Socket Layer (SSL) on a Tomcat web server.

  7. (Optional) If you access CA SDM with Internet Explorer and Windows Server 2003 is configured for SSL, the browser requires additional configuration and a restart. In Internet Options, on the Advanced tab, clear the following options in the Security section:

    After you restart the browser, you can access CA SDM using the SSL-enabled Tomcat server.
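
The following check is an added example, not part of the CA SDM documentation. It parses the server.xml edited in step 3 and reports HTTPS connectors that are malformed, have no keystoreFile, or still carry the default password changeit or the sample value password; the function name and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values that must not survive into a deployed server.xml: the default
# password from step 2 and the sample value shown in step 3.
WEAK_PASSWORDS = {"changeit", "password"}

# Constructed sample input: step 3's Connector, created with the default password.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080"/>
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\Documents and Settings\user\.keystore"
             keystorePass="changeit"/>
</Service></Server>"""


def audit_ssl_connectors(server_xml_text):
    """Return (port, finding) tuples for problems in the HTTPS connectors."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:
        # e.g. a doubled attribute name or unbalanced quote in the edited Connector
        return [(None, f"not well-formed XML: {exc}")]
    https = [c for c in root.iter("Connector")
             if c.get("scheme", "").lower() == "https"]
    if not https:
        return [(None, 'no Connector with scheme="https"')]
    findings = []
    for conn in https:
        port = conn.get("port")
        if conn.get("secure", "").lower() != "true":
            findings.append((port, 'secure is not "true"'))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile is not set"))
        password = conn.get("keystorePass")
        if password is None or password in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is missing, default or sample value"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Run it against the contents of the server.xml file before restarting Tomcat in step 4; an empty result means none of these checks fired.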