When configuring Service Desk Manager (SDM) Tomcat for SSL, the NX_ROOT\bopcfg\www\CATALINA_BASE\conf\server.xml file is updated.

Part of this update includes adding a 'keystorepass' value (password set for the SSL certificate) to the connection string.

For example (keystorePass parameter highlighted in bold)

<Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" clientAuth="false" keystoreFile="PATH_TO_CERTIFCATE" keystorePass="YOURPASSWORD" keystoreType="PKCS12" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

Is it possible to encrypt the Tomcat 'keystorepass' value?

Service Desk Manager 17.x

All Supported Operating Systems

The KEYSTOREPASS is common to Apache Tomcat.  Someone would need access to the server itself to access the Tomcat SERVER.XML file to access the 'keystorepass' value.

Unfortunately, we do not have documentation regarding encrypting the KEYSTOREPASS nor have we tried any such encryption.

A quick internet search revealed some possible workarounds, like https://stackoverflow.com/questions/16194052/encrypt-tomcat-keystore-password.

As a reminder, test all changes in a non-PROD environment first after ensuring that a valid backup of the environment is available.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/enable-ssl-authentication-for-ca-service-management-solution.html