Setting an HTTPS connection
To set up an HTTPS connection, the Tomcat server that hosts the BMC Atrium Single Sign-On server must be modified to define an HTTPS connection with an explicit truststore and an explicit keystore.
The default Tomcat server used by BMC Artium Single Sign-On uses a keystore and a truststore for secure (HTTPS, Transport Layer Security) communications.
If the Tomcat server does not have a truststore and a keystore, new self-signed certificates must be generated using the keytool. For more information, see Installing-and-managing-certificates-in-BMC-Atrium-Single-Sign-On.
The following XML code is an example of the HTTPS connection and is one of the configuration supported.
The example shows use of keystore and truststore of type PKCS12, named keystore.p12 and cacerts.p12 along with password "keystore_password" and "truststore_password" respectively.
protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RS
A_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_D
SS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA
_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
keystoreFile="CATALINA_HOME/conf/keystore.p12"
keystorePass="keystore_password "
keystoreType="PKCS12"
keystoreProvider="JsafeJCE"
truststoreFile="CATALINA_HOME/conf/cacerts.p12"
truststorePass="truststore_password"
truststoreType="PKCS12"
truststoreProvider="JsafeJCE"/>
Related topics
Importing-a-certificate-into-keystore-p12
Importing-a-certificate-into-cacerts-p12