Endevor Web Service SSL/TLS RACF Keyring


Article ID: 240181




The VS Code Endevor Explorer plug-in is used to connect to an Endevor Web Services Tomcat instance.

HTTPS was enabled in Endevor Web Service using a RACF keyring. A CA certificate was requested and added to the RACF keyring for the ID that the server runs under, and the following section of server.xml was uncommented and edited:

     <!-- Define a SSL HTTP/1.1 Connector on port 8443 using SAF keyring -->   
     <Connector port="XXXX" maxHttpHeaderSize="8192"                           
           maxThreads="150" minSpareThreads="25"                               
           enableLookups="false" disableUploadTimeout="true"                   
           acceptCount="100" scheme="https" secure="true"                      
           clientAuth="false" sslProtocol="TLS"                                
           sslImplementationName="com.ca.sslsocket.CASSLImplementation" />     

A new Endevor profile was then set up in the explorer, with self-signed certificates rejected. The connection to the server fails with an HTTPS error.



Release : 18.1

Component : Endevor Software Change Manager


Visual verification in a browser: https://host:port/EndevorService/services/EndevorService?wsdl

The name in the certificate does not match the Endevor Tomcat server hostname. The browser shows a connection-not-private warning and the following message:

"This server could not prove that it is xxxxxxxxxxx; its security certificate is from TOMCATH8.xxxxxxxxxxxxxx. This may be caused by a misconfiguration or an attacker intercepting your connection"




To get the SSL/TLS connection to work using a CA-issued certificate:

The CN of the certificate should match the Tomcat server hostname.

The SAN (Subject Alternative Name) in the certificate should match the Tomcat server hostname.

Create a DNS alias.




Additional Information

Configure Apache Tomcat to Use SSL with Keyrings