How To Configure SSL for Tomcat With Unified Self Service (USS)?

book

Article ID: 128014

calendar_today

Updated On:

Products

CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

How To Configure SSL for Tomcat With Unified Self Service (USS)?

Environment

Unified Self-Service (USS) 14.1
Unified Self-Service (USS) 17.1

Resolution

Unified Self Service is based on Liferay and uses Tomcat to deploy the USS application so we need to configure SSL in Liferay (tomcat) to deploy USS using SSL.


1) Generate key using keytool from JRE being used by Unified Self Service (USS). Path should be similar to: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\bin

Run: keytool -genkey -alias tomcatserver -keypass changeit -keyalg RSA

The .keystore will be created in the Users home folder. Example: c:\Users\Administrator\.keystore

2) Export key into a certificate

Run: keytool -export -alias tomcatserver -keypass changeit -file myserver.cert

The myserver.cert will be located within the bin folder where you are placed.

3) Import the certificate into USS tomcat server JRE.

Run: keytool -import -alias tomcatserver -file "C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\bin\myserver.cert" -keypass changeit -keystore "C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\lib\security\cacerts"

4) Locate server.xml in Tomcat being used by USS (Liferay) and take a backup of the file. The path should be similar to: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\conf\server.xml

5) Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

6) Remove the comment tags <!-- and --> to uncomment this section

7) Set the keystoreFile and keystorePass with the path of the keystore and password. Example:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="C:/Users/Administrator/.keystore" keystorePass="changeit"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

8) Save Changes

9) Restart USS Services

10) Log into USS by using SSL port. URL example: https://localhost:8443/web/frontoffice

Additional Information

Link for Liferay: http://www.liferay.com/web/meera.success/blog/-/blogs/liferay-portal-ssl-configuration