This documentation supports the 18.08 version of Remedy with Smart IT.

To view the latest version, select the version from the Product version menu.

Configuring SSL for the Tomcat server

To provide communication security among applications, configure SSL for the Apache Tomcat server. If you enabled SSL as part of installation, SSL is already configured. Otherwise, follow this procedure.

Best Practice

  • To protect data, use HTTPS to communicate to the Remedy with Smart IT (Smart IT) server. You can do so either through a load balancer or reverse proxy, or by enabling HTTPS on the Smart IT server.
  • Install Remedy with Smart IT and BMC Digital Workplace on separate Tomcat servers. If you want to install Remedy with Smart IT and BMC Digital Workplace on the same bundle Tomcat server, see Smart IT troubleshooting.

Before you begin

Perform the Smart IT installation.

To configure SSL for the Tomcat server

For more information about creating a certificate, see http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

Note

The self-signed certificate works only with the universal client. For mobile apps, you must use a signed certificate.

  1. Generate a self-signed certificate by running the following command:
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
    A .keystore file is generated in %USERPROFILE% (Windows) or $HOME (Linux), and the file is protected with a password.

    Note

    For signed certificate this step is not applicable. Use the keystore file provided by your certificate provider for a signed certificate.

  2. Place the generated file in the CATALINA_BASE/external-conf folder.
  3. Update CATALINA_BASE/conf/server.xml to enable HTTPS Connector:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   keystoreFile="${catalina.base}/external-conf/.keystore" keystorePass="Bmcmyit1"
                   clientAuth="false" sslProtocol="TLS"
    			   sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"/>

    A sample server.xml file can be found in the bsmapps\main\server\external\tomcat\conf folder. 

  4. Restart the Tomcat server.

  5. To check the configuration, open https://localhost:8443/smartit/rest/version in a browser.
    Upon initial access, a warning about an non-trusted certificate appears (because this is a self-signed certificate, not generated by a trusted CA).

  6. Click OK to continue.

Where to go from here

Complete the remaining tasks for Configuring after installation.



Was this page helpful? Yes No Submitting... Thank you

Comments