Configure SSL on Tomcat

You can configure your system to use Secure Socket Layer (SSL) on a Tomcat web server.

To configure SSL on Tomcat

  1. From the command line, change directories to the JRE install location, and enter the following command:
    bin\keytool -genkey -alias tomcat -keyalg RSA
    

    A .keystore file is created by default in the home directory of the logged-in user. You can specify a different location during .keystore file generation. On UNIX, make sure that the directory in which you generate the .keystore file has sufficient permissions for CA Service Desk Manager access.

    Note: For more about specifying a different .keystore file location, see your Tomcat documentation.

  2. Answer the prompts appropriately. The default password is changeit.

    Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.

  3. Edit the server.xml file located in the following directory:
    NX_ROOT\bopcfg\www\CATALINA_BASE\conf
    
  4. Uncomment the SSL section and add the location of the .keystore file generated in Step 1:
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>
    
  5. Use the following commands to restart the Tomcat server:
    pdm_tomcat_nxd -c stop
    pdm_tomcat_nxd -c start
    
  6. To access the CA Service Desk Manager web interface with SSL, use https://computer_name:8443/CAisd/pdmweb.exe. You can also derive the Web Services URL in a similar fashion.

    Note: You can specify a port other than 8443 in the server.xml file.

  7. View and install the SSL certificate to access CA Service Desk Manager.

    The system is configured to use Secure Socket Layer (SSL) on a Tomcat web server.

  8. (Optional) If you are accessing CA Service Desk Manager with Internet Explorer, and Windows Server 2003 is configured for SSL, the browser requires additional configuration and a restart. On the Advanced tab of Internet Options, clear the following options in the Security section:

    After restarting the browser, you can access the CA Service Desk Manager via the SSL-enabled Tomcat server.
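
The following Python check is an added example, not part of the CA documentation: it parses server.xml text after step 4 and reports whether the SSL connector is active, whether keystoreFile points at an existing file, and whether the keystore still relies on the default password from step 2. The function name check_ssl_connector and the sample XML are constructed for illustration; keystorePass is Tomcat's Factory attribute for a non-default keystore password and does not appear in the steps above.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the step 4 connector, uncommented, keystoreFile set.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="Tomcat-Standalone">
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>
  </Service>
</Server>"""


def check_ssl_connector(server_xml, keystore_exists=os.path.isfile):
    """Return a list of findings for the SSL connector in server.xml text."""
    root = ET.fromstring(server_xml)  # the parser discards XML comments
    ssl = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not ssl:
        return ['no active Connector with scheme="https" (still commented out?)']
    findings = []
    for conn in ssl:
        port = conn.get("port", "?")
        if conn.get("secure") != "true":
            findings.append(f'port {port}: secure is not "true"')
        factory = conn.find("Factory")
        if factory is None:
            findings.append(f"port {port}: no Factory element, no keystore configured")
            continue
        keystore = factory.get("keystoreFile")
        if not keystore:
            findings.append(f"port {port}: keystoreFile not set")
        elif not keystore_exists(keystore):
            findings.append(f"port {port}: keystore not found at {keystore}")
        # Without keystorePass, Tomcat falls back to the default password.
        if factory.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore uses the default password changeit")
    return findings


if __name__ == "__main__":
    # keystore_exists is stubbed so the sample runs on any machine.
    for finding in check_ssl_connector(SAMPLE_SERVER_XML, lambda path: True):
        print(finding)
```

Run it against the real server.xml before restarting Tomcat in step 5; an empty list means the connector is active, the keystore file exists, and a non-default password is configured.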