How to Configure the Secure Socket on the OneClick Web Server Host

Article Id: 52093
Status: Published
Updated On: 24-02-2020 10:29
Products:
Issue/Introduction:

How to Configure the Secure Socket on the OneClick Web Server Host

Cause:

Please reference the "Configure the Secure Socket on the OneClick Server" section of the documentation for more information.

Environment:

Release: Any
Component:

Resolution:

1.Stop the tomcat on the OneClick web server
   a. On Windows, stop the SpectrumTomcat service
   b. On Linux, run the $SPECROOT/tomcat/bin/stopTomcat.sh script

2. Make a backup copy of the $SPECROOT/tomcat/conf/server.xml file

3. Edit the $SPECROOT/tomcat/conf/server.xml file

3.Locate the following section in the server.xml file:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->   (NOTE: This will be port "443" on a Windows system.)
    <!--
    <Connector
           port="8443"  (NOTE: This will be port "443" on a Windows system.)
           enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
           keystoreFile="custom/keystore/cacerts"
           keystorePass="changeit">

     </Connector>
    -->

By default the <Connector> element in the section is commented out.

   a.Remove "<!--" from the line above <Connector.

   b.Remove "-->" from the end of the section (after </Connector>).

4.On Windows, the "keystoreFile" will equal "<SPECROOT>/custom/keystore/cacerts". Replace the <SPECROOT> variable with the fully qualified path to the directory in which SPECTRUM is installed. This is the same cacerts file that was used for the keytool commands to generate the certificates. The following is an example:

C:/win32app/SPECTRUM/custom/keystore/cacerts

5.Save and close the server.xml file.

6.Start the OneClick web server
   a. On Windows, start the SpectrumTomcat service
   b. On Linux, run the $SPECROOT/tomcat/bin/startTomcat.sh script