Limited support This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for the current version.

Configuring SSL for the Tomcat server

To provide communication security among applications, configure SSL for the Apache Tomcat server. If you enabled SSL as part of installation, SSL is already configured. Otherwise, follow this procedure.

Best practice
To protect data, use HTTPS to communicate to the BMC Digital Workplace and Remedy with Smart IT (Smart IT) server. You can do so either through a load balancer or reverse proxy, or by enabling HTTPS on the BMC Digital Workplace and Smart IT server.

Before you begin

Perform the Smart IT and BMC Digital Workplace installation.

Video demonstration: Configuring SSL for BMC Digital Workplace and Smart IT

Note

The following video shows an older version of BMC Digital Workplace. The previous product name was MyIT. Although there might be minor changes in the user interface, the overall functionality remains the same.

icon-play.pnghttps://youtu.be/N3vkIBqzKuE

To configure SSL for the Tomcat server

For more information about creating a certificate, see  http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

Note

The self-signed certificate works only with the universal client. For mobile apps, you must use a signed certificate from a trusted Certificate Authority.

  1. Generate a self-signed certificate by running the following command:
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore 
    A .keystore file is generated in %USERPROFILE% (Windows) or $HOME (Linux), and the file is protected with a password.
  2. Place the generated file in the CATALINA_BASE/external-conf folder.

  3. Update CATALINA_BASE/conf/server.xml to enable HTTPS Connector:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                  maxThreads="150" scheme="https" secure="true"
                  keystoreFile="${catalina.base}/external-conf/.keystore" keystorePass="Bmcmyit1"
                  clientAuth="false" sslProtocol="TLS"
      sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"/>

    A sample server.xml file can be found in the bsmapps\main\server\external\tomcat\conf folder. 

  4. Restart the Tomcat server.
  5. To check the configuration, open  https://localhost:8443/ux/rest/version  in a browser.
    Upon initial access, a warning about an non-trusted certificate appears (because this is a self-signed certificate, not generated by a trusted CA).
  6. Click OK to continue.

Where to go from here

Making-configuration-changes-to-integrated-applications

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*