×
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 
  •  

Limited support

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for the current version.
BMC Digital Workplace Advanced 18.11 ... Installing Installing BMC Digital Workplace Configuring after installation of BMC Digital Workplace

Configuring SSL for the Tomcat server

To provide communication security among applications, configure SSL for the Apache Tomcat server. If you enabled SSL as part of installation, SSL is already configured. Otherwise, follow this procedure.

Best practice

To protect data, use HTTPS to communicate with the BMC Digital Workplace server. You can do so through a load balancer or reverse proxy, or by enabling HTTPS on the BMC Digital Workplace server.

Before you begin

Perform the BMC Digital Workplace installation.

Video demonstration: Configuring SSL for BMC Digital Workplace


Note

The following video shows an older version of BMC Digital Workplace. (The previous product name was MyIT.) Although there might be minor changes in the user interface, the overall functionality remains the same.

https://youtu.be/N3vkIBqzKuE

To configure SSL for the Tomcat server

For more information about creating a certificate, see  http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html .

Note

The self-signed certificate works only with the universal client. For mobile apps, you must use a signed certificate from a trusted Certificate Authority.

  1. Generate a self-signed certificate by running the following command:

    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA     -keystore \path\to\my\keystore

    A .keystore file is generated in %USERPROFILE% (Windows) or $HOME (Linux), and the file is protected with a password.
  2. Place the generated file in the CATALINA_BASE/external-conf folder.

  3. Update CATALINA_BASE/conf/server.xml to enable HTTPS Connector:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="${catalina.base}/external-conf/.keystore" keystorePass="Bmcmyit1"
               clientAuth="false" sslProtocol="TLS"
			   sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"/>

    You can find a sample server.xml file in the bsmapps\main\server\external\tomcat\conf folder. 

  4. Restart the Tomcat server.

  5. To check the configuration, open https://localhost:8443/dwp/rest/version in a browser.
    Upon initial access, a warning about a non-trusted certificate appears (because this is a self-signed certificate, not generated by a trusted CA).

  6. Click OK to continue.

To enable Strict-Transport-Security response header

To enable the Strict-Transport-Security response header for BMC Digital Workplace to tell browsers that it should be accessed with HTTPS (instead HTTP), uncomment the following code in digitalWorkplaceInstallationFolder/dwp/WEB-INF/web.xml and restart BMC Digital Workplace:

 <init-param>
            <param-name>Strict-Transport-Security</param-name>
            <param-value>max-age=16070400</param-value>
 </init-param>

Where to go from here

Making configuration changes to integrated applications

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Last modified by Olha Horbachuk on Jul 10, 2019
task tomcat ssl post-installation configuration best_practices desktop installation mobile videos

Comments

Log in or register to comment.

Configuring after installation of BMC Digital Workplace
Creating rsso-agent.properties file
© Copyright 2013 - 2018 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.