
Setup SSL Using a Self-Signed Certificate

To set up the CA SDM Portal Integration using a self-signed certificate

  1. At the command line, enter:
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
    

    Answer the prompts appropriately and enter "changeit" as the password for both password prompts.

    This sets up the certificate.

  2. Edit the server.xml file located in:
    $NX_ROOT/bopcfg/www/CATALINA_BASE/conf
    
  3. Uncomment the following section and save:
    <!-- 
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
       port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" /></Connector>
    -->
    
  4. Add the keystoreFile attribute to server.xml. (When you run the command in step 1, a .keystore file is created in the user's home directory.) Add the reference to that file in the keystoreFile attribute and save the file. Your server.xml should appear as follows:
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
       port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="location/.keystore" />
    </Connector>
    
  5. Restart CA SDM.
  6. To check the SSL functionality, point your browser to https://hostname:8443. This should display a Security Alert dialogue. Click Yes.

    Note: SSL uses port 8443.

  7. Replace the CA SDM portlet URL with one that uses HTTPS and port 8443:
    https://hostname:8443/CAisd/PortalServlet?USERNAME=$USER.username$&PORTALSESSION=$SESSION$&PORTALINSTALL=portalhostname:portalportnumber
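
The following check is an added example, not part of the original CA SDM documentation: it parses the contents of a server.xml and reports whether steps 3 and 4 were applied (connector uncommented, HTTPS attributes set, keystoreFile present). The sample XML is constructed from the snippet in step 4, and the function name check_ssl_connector is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 4 wrapped in a minimal <Server>/<Service>.
SAMPLE_OK = """<Server><Service name="Tomcat-Standalone">
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
     clientAuth="false" protocol="TLS" keystoreFile="location/.keystore" />
</Connector></Service></Server>"""

# Constructed sample: step 3 skipped, so the Connector is still inside a comment.
SAMPLE_COMMENTED = SAMPLE_OK.replace("<Connector", "<!-- <Connector").replace(
    "</Connector>", "</Connector> -->")

def check_ssl_connector(xml_text, port="8443"):
    """Return a list of problems found; an empty list means the steps were applied."""
    try:
        root = ET.fromstring(xml_text)  # XML comments are discarded by the parser
    except ET.ParseError as exc:
        return [f"server.xml is not well-formed XML: {exc}"]
    connectors = [c for c in root.iter("Connector") if c.get("port") == port]
    if not connectors:
        return [f"no active Connector on port {port} (still commented out?)"]
    problems = []
    conn = connectors[0]
    if conn.get("scheme") != "https":
        problems.append('Connector scheme is not "https"')
    if conn.get("secure") != "true":
        problems.append('Connector secure is not "true"')
    factory = conn.find("Factory")
    if factory is None:
        return problems + ["Connector has no <Factory> child"]
    if factory.get("protocol") != "TLS":
        problems.append('Factory protocol is not "TLS"')
    if not factory.get("keystoreFile"):
        problems.append("Factory has no keystoreFile attribute (step 4 missing)")
    return problems

if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("commented", SAMPLE_COMMENTED)]:
        print(name, check_ssl_connector(text) or "SSL connector configured")
```

To check a real installation, read the server.xml from the directory named in step 2 and pass its text to the function.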