Implementing HTTPS protocol for secure connection to the CDP
The HTTPS protocol provides an additional layer of security that enables clients to connect securely to the CDP. This security is important if the client passes sensitive information, such as authentication credentials and security certificates, over the network. BMC recommends the use of HTTPS for REST and ORCA web services.
To implement HTTPS for SOAP and REST requests, you must have a server certificate and you must modify Tomcat to enable SSL. BMC recommends that you configure HTTPS with a certificate signed by a certificate authority. However, for testing and development environments, you can use a self-signed certificate.
The default port for HTTPS web services is 8443.
To implement HTTPS
Enable SSL in Tomcat:
In the $AO_HOME/tomcat/conf/server.xml file, uncomment the Define a SSL HTTP/1.1 Connector element:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
Test for an existing keystore entry for Tomcat by entering the following command:
keytool -genkey -alias tomcat -keyalg RSA
In a Red Hat Linux or Oracle Solaris environment, type the command in a terminal session on the CDP.
In a Windows environment, type the command at the command prompt on the CDP.
Create a keystore entry as follows:
At the Enter keystore password prompt, type the keystore password.
When prompted, enter the following detailed user information for the certificate.
This information is used for the certificate and is visible only in the certificate.
First and last name
Organizational unit name
City or locality name
State or province name
Two-letter country code
Review the displayed information and type yes at the following prompt: Is CN=firstAndLastName, OU=organizationalUnit, O=organization, L=cityOrLocality, ST=stateOrProvince, C=countryCode correct? [no]:
Restart the CDP.
Test the keystore by launching the Grid Manager application in a browser, using the HTTPS protocol and port 8443.
For example, the URL for a CDP on a computer called calbroserver1 would be the following:
If you configure HTTPS for SOAP requests and port 8443 is already in use by another application on the server, the implementation fails.
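The two steps most often missed are leaving the SSL connector commented out and letting a second Connector claim port 8443. The following check is an added example (not BMC's code) that parses server.xml and reports either condition, plus any SSL attribute that differs from the snippet above; the embedded server.xml is a constructed sample, and the path in check_server_xml_file is whatever your $AO_HOME resolves to.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not a real CDP file) with the SSL connector
# still commented out, as it is shipped by default.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
  </Service>
</Server>
"""

# Attribute values the HTTPS connector must carry (from the procedure above).
REQUIRED_SSL_ATTRS = {"SSLEnabled": "true", "scheme": "https",
                      "secure": "true", "sslProtocol": "TLS"}


def check_https_connector(server_xml, port="8443"):
    """Return a list of problems; an empty list means the connector is usable."""
    # ElementTree drops XML comments, so a connector that is still commented
    # out simply does not appear and is reported as missing.
    root = ET.fromstring(server_xml)
    on_port = [c for c in root.iter("Connector") if c.get("port") == port]
    problems = []
    if not on_port:
        return [f"no active Connector on port {port} "
                "(is the SSL connector still commented out?)"]
    if len(on_port) > 1:
        problems.append(f"{len(on_port)} Connectors share port {port}")
    ssl = [c for c in on_port if c.get("SSLEnabled") == "true"]
    if not ssl:
        return problems + [f'Connector on port {port} lacks SSLEnabled="true"']
    for attr, expected in REQUIRED_SSL_ATTRS.items():
        actual = ssl[0].get(attr, "<missing>")
        if actual != expected:
            problems.append(f'{attr}="{actual}" (expected "{expected}")')
    return problems


def check_server_xml_file(path):
    """Run the check against a real $AO_HOME/tomcat/conf/server.xml."""
    with open(path, encoding="utf-8") as fh:
        return check_https_connector(fh.read())
```

Run it against the sample to see the "still commented out" finding, then against your edited file before restarting the CDP.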