Setting up SSL for Web UI and Automation Studio User Interface for Release Automation

Article Id: 35790
Status: Published
Updated On: 14-02-2018 07:40
Legacy Id: TEC1069872
Products:
CA Release Automation - Release Operations Center (Nolio) , CA Release Automation - DataManagement Server (Nolio)
Issue/Introduction:

Question:

How to Apply SSL for Web UI and ASAP for Release Automation

 

Answer:

For every machine where a certificate is to be generated (usually this means NAC, NES and Agent), the following conditions must apply:

  • Java JDK is installed.
  • Java JDK’s “bin” directory is set in the environment variable PATH.

Set JDK bin path in Windows Server, 

  • Click “Start” and Type “Edit environment variables for your account” in the Search on Start Menu.
  • Under “System Variables” find “PATH” variable >> Click “Edit”
  • At the end of the variable value, add a semicolon followed by the JDK “bin” path (for example: ;C:\Program Files\Java\jdk1.8.0_45\bin).

1. Open Command Line in NAC folder.

2. Run the following 6 commands one by one and follow their directives.

    a) keytool -genkeypair -keyalg RSA -keysize 2048 -keystore conf/custom-keystore.jks -alias nac-env

    b) keytool -exportcert -alias nac-env -file nac.crt -keystore conf/custom-keystore.jks -v

    c) keytool -importcert -alias nac-env -file nac.crt -keystore conf/custom-truststore.jks -v -rfc

    d) keytool -importcert -alias nac-env -file nac.crt -keystore nolio.jks -v -rfc

    e) jar cvf custom-truststore.jar nolio.jks

    f) jarsigner -keystore conf/custom-keystore.jks -verbose -keypass PASSWORD custom-truststore.jar nac-env

3. Copy the file custom-truststore.jar (created in step 3)  to \webapps\nolio-app\apps\v2.0.0\lib\

4. Create the file \conf\security-customization.properties and populate it with the following line:

ui.trustStorePassword=<plaintext password for keystore generated for custom-truststore.jar>

5. Locate the file \conf\server.xml

6. Make a copy of this file and name it server.xml.original

7. Open server.xml

8. Modify “Connector” section in server.xml as follows (4 changes):

       <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

                          compression="on"

                          compressionMinSize="102400"

                          compressableMimeType="application/x-java-serialized-object"

                          SSLEnabled="true"

                          maxThreads="150"

                          scheme="https"

                          secure="true"

                          clientAuth="false"

                          sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"

                          keyAlias="nac-env"

                          keystoreFile="conf/custom-keystore.jks"

                          keystorePass="<plaintext password for keystore">

                      maxSwallowSize="-1">

     </Connector>

9. Close all instances of ASAP and ROC.

10. Clear Java cache by running: javaws –uninstall

11. Restart NAC service.

 

Additional Information:

To verify Web UI Certificates Were Applied

  1. Open browser at: https://NAC:8443 (make sure you are adding “https” at the start)
  2. Open browser certificate.
  3. Confirm certificate details as those you created.

Environment:

Release: NOLNAC99000-5.5-Nolio-Automation Center
Component: