search cancel

Endevor Web Service SSL/TSL RACF Keyring


Article ID: 240181


Updated On:


Endevor Software Change Manager (SCM)


Using the VS Code Endevor Explorer plug-in to connect to Endevor WS Tomcat instance.

Enabled HTTPS using a RACF keyring in Endevor Web Service. Requested a CA certificate and added it to RACF keyring for the ID that the server runs under, also uncommented and edited the section of the server.xml:

     <!-- Define a SSL HTTP/1.1 Connector on port 8443 using SAF keyring -->   
     <Connector port="8443" maxHttpHeaderSize="8192"                           
           maxThreads="150" minSpareThreads="25"                               
           enableLookups="false" disableUploadTimeout="true"                   
           acceptCount="100" scheme="https" secure="true"                      
           clientAuth="false" sslProtocol="TLS"                                
           sslImplementationName="" />     

Then set up a new Endevor profile on the explorer, reject any self signed certificates. Cannot connect to the server and keep getting an HTTPS error. 



Tried the visual verification on the browser: 

Noticed that there is a mismatch in the name of the certificate and the Endevor Tomcat server hostname (got connection not private warning and the following message):



Release : 18.1

Component : Endevor Software Change Manager


To get the SSL/TLS connection work using CA certificate: 

The CN of the CA certificate should match Tomcat server hostname


SAN (Subject Alternate Name) in CA certifcate match the Tomcat server hostname.


Create DNS alias (in this example creating a DNS alias for




Additional Information

Configure Apache Tomcat to Use SSL with Keyrings