Set Up SSL Certificates

Before you can configure the Single Sign-On website to use HTTPS, you must obtain an SSL certificate. The necessary procedures are typically specific to an organization and the policies of its security team. However, we have provided some information to guide you. Use these procedures to locate and update the necessary files in the CA Performance Center installation directories and install the certificates in the keystore.

Follow these steps:

  1. Obtain a signed SSL certificate from a Certificate Authority.
  2. If the Certificate Authority provided a certificate chain, import the chain into the JSSE keystore using the following command:
    keytool -import -alias CAPCchain -trustcacerts -keystore [installationDirectory]/jre/lib/security/cacerts
    

    Note: The default password for the cacerts keystore is 'changeit'.

  3. (Optional) Change the password of the JSSE keystore for additional security using the following command:
    keytool -storepasswd -keystore [installationDirectory]/jre/lib/security/cacerts
    

    You are prompted to provide the existing password and the new password.

  4. Rename the existing jetty keystore file to create a backup of it using the following command:
    mv [installationDirectory]/PerformanceCenter/jetty-version/etc/keystore [installationDirectory]/PerformanceCenter/jetty-version/etc/keystore.bak
    
  5. Install the certificate in the web server keystore using the following command:
    keytool -import -alias CAPC -trustcacerts -keystore [installationDirectory]/PerformanceCenter/jetty-version/etc/keystore
    

    You are prompted to provide a password for this file.

    Note: If you are using a self-signed certificate, omit the -trustcacerts option in the previous steps, and import the self-signed certificate instead of a certificate chain.
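To confirm that an import from the steps above landed in the intended keystore, you can check the `keytool -list` output for the alias. The following is an added example, not part of the original CA documentation; the function names `entry_type`, `sample_listing` and `check_keystore` are hypothetical, and the sample listing is constructed. JKS keystores store aliases in lowercase, so the comparison ignores case.

```shell
#!/bin/sh
# Added example: verify that an alias (CAPC or CAPCchain) exists in a keystore
# by parsing `keytool -list` output.

# entry_type ALIAS
# Reads `keytool -list` output on stdin. Prints the entry type of ALIAS
# (for example trustedCertEntry or PrivateKeyEntry) and returns 0,
# or prints nothing and returns 1 when the alias is absent.
entry_type() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="$want" '
        # Entry lines end in "...Entry," and look like:
        #   alias, <locale-dependent date>, <type>,
        /Entry,[ \t\r]*$/ {
            line = $0
            sub(/,[ \t\r]*$/, "", line)            # drop the trailing comma
            alias = line; sub(/, .*/, "", alias)   # text before the first ", "
            type  = line; sub(/.*, /, "", type)    # text after the last ", "
            if (tolower(alias) == want) { print type; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample of what `keytool -list` prints for the jetty keystore
# after step 5 (date and fingerprint are made up).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

capc, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed, truncated)
EOF
}

# check_keystore KEYSTORE ALIAS
# Runs keytool against a real keystore; keytool prompts for the password.
check_keystore() {
    keytool -list -keystore "$1" | entry_type "$2"
}

# Usage on an installed system:
#   check_keystore [installationDirectory]/jre/lib/security/cacerts CAPCchain
#   check_keystore [installationDirectory]/PerformanceCenter/jetty-version/etc/keystore CAPC
```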

Now you must configure the port and website to support HTTPS.