How can I enable SSL in the R12.5 Web Access Management User Interface (WAM UI) using a non-default certificate?

book

Article ID: 49639

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

I am trying to enable the SSL connection for the WAMUI using my own certificates instead of the default certificate. I have followed the technical document TEC562435 but it does not address my specific requirements.

Solution:

For deploying your certificate(s) to the Siteminder WAM UI the server.xml of the embedded JBOSS needs to be edited following the instructions below. If you are running the WAM UI on your own application server you would need to follow that vendors documentation and amend our instructions accordingly.

The parameters that need to be modified are: keyAlias, keystoreFile, keystoreType, keystorePass (the last four parameters). 

section in Server.xml:
   <Connector
   protocol="HTTP/1.1"
   address="${jboss.bind.address}"
   port="8443"
   SSLEnabled="true"
   scheme="https"
   secure="true"
   emptySessionPath="true"
   enableLookups="true"
   maxPostSize="0"
   acceptCount="100"
   connectionTimeout="20000"
   URIEncoding="UTF-8"
   minSpareThreads="5"
   maxSpareThreads="75"
   keyAlias="tomcat"
   keystoreFile="jsse.keystore"
   keystoreType="jks"
   keystorePass="changeit" />
  1. Stop "SiteMinder Administrative UI" Service and take a backup of Server.xml before making edits (from <SiteMinderInstallation>\adminui\server\default\deploy\jbossweb.sar)

  2. Change keystoreFile="jsse.keystore" to keystoreFile="<customer KeyStore with Location>"
    Note : If Location is not recognizable or WAMUI is not working, place the keystore file in <SiteMinderInstallation>\adminui\server\default\deploy\jbossweb.sar folder

    If you already have another type of keystore file, the keystoreType field needs to be specified accordingly. In case of questions please refer to the JBoss documentation . If you do not have a keystore, it can be created using keytool .

  3. Change keystoreType="jks" if your keystore is of a different type.

  4. Change keyAlias="tomcat" to keyAlias="<customer Alias>"

    The alias can be viewed using the keytool command that comes with the Siteminder JDK.

  5. Change keystorePass="changeit" to keystorePass="<customer keystore password>"

  6. Restart the Service "SiteMinder Administrative UI" and access the Siteminder Web Admin UI.

Please also refer to the aforementioned TEC562435 regarding how to secure the UI using SSL

https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC562435

Environment

Release:
Component: SMAUI
Powered by Wolken Software