Defining the SSL connections in server.xml

book

Article ID: 180546

calendar_today

Updated On:

Products

Critical System Protection

Issue/Introduction

 

Resolution

Defining the SSL connections in server.xml

 

SSL X.509 certificate-based channel encryption secures communication between the management console and the management server, and between the agent and the management server.

 

If you do not want to use SSL X.509 certificate-based channel encryption for Symantec Critical System Protection, you must define the SSL connections in the server.xml file, found on the management server.

 

The server.xml file is located in the following directory:

 

<Server_Install_Root>\tomcat\conf

 

To define the SSL connections in server.xml  

 

1.  In the New Server Configuration dialog, clear the Use encrypted communications check box.

 

2.  Using Notepad or other text editor, edit server.xml.

 

3.  In server.xml, define the SSL connection in the agent service tag.

 

Inside the agent service tag (look for <Service name=”SSS-Agent-Service”>), a Connector tag defines the default SSL connection. Immediately following this is a commented definition for a non-SSL connection. To enable non-SSL connections, uncomment the second connection, and change its port number if desired. The port that you specify must not be in use by any other programs on the system. To conserve resources, it is not recommended to leave both connectors uncommented unless you need to use both SSL and non-SSL communications.

 

4.  In server.xml, define the SSL connection in the console service tag.

 

Inside the console service tag (look for <Service name=”SSS-Console-Service”>), there is a similar SSL connector and commented non-SSL connector. Follow the same instructions as for the agent connectors.

 

5.  Save the changes to server.xml.

 

6.  Restart the Symantec Critical System Protection Server service.