How to Configure the Secure Socket on the OneClick Web Server Host

Article ID: 52093

Products

CA Spectrum

Issue/Introduction

How to Configure the Secure Socket on the OneClick Web Server Host

Cause

Please reference the "Configure the Secure Socket on the OneClick Server" section of the documentation for more information.

Environment

Release: Any
Component:

Resolution

1. Stop Tomcat on the OneClick web server
   a. On Windows, stop the SpectrumTomcat service
   b. On Linux, run the $SPECROOT/tomcat/bin/stopTomcat.sh script

2. Make a backup copy of the $SPECROOT/tomcat/conf/server.xml file

3. Edit the $SPECROOT/tomcat/conf/server.xml file and locate the following section:

NOTE: On a Windows system the port will be "443" instead of "8443".

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector
           port="8443"
           enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
           keystoreFile="custom/keystore/cacerts"
           keystorePass="changeit">

     </Connector>
    -->

By default the <Connector> element in the section is commented out.

   a. Remove "<!--" from the line above <Connector.

   b. Remove "-->" from the end of the section (after </Connector>).

4. On Windows, the "keystoreFile" value will be "<SPECROOT>/custom/keystore/cacerts". Replace the <SPECROOT> variable with the fully qualified path to the directory in which SPECTRUM is installed. This is the same cacerts file that was used for the keytool commands to generate the certificates. The following is an example:

C:/win32app/SPECTRUM/custom/keystore/cacerts

5. Save and close the server.xml file.

6. Start the OneClick web server
   a. On Windows, start the SpectrumTomcat service
   b. On Linux, run the $SPECROOT/tomcat/bin/startTomcat.sh script
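
The following check can be run on the edited server.xml before Tomcat is started in step 6. It is an added example, not part of the original article or of CA Spectrum. The function names, the protocol allow-list, and the findings for CBC suites and for the sample keystore password are assumptions of this example, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 3 connector after uncommenting, cut to two suites.
SAMPLE = """<Server><Service name="Catalina">
  <!-- <Connector port="8080"/> commented-out elements are ignored -->
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
             keystoreFile="custom/keystore/cacerts" keystorePass="changeit"/>
</Service></Server>"""

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # assumption: site policy, adjust as needed


def split_list(value):
    """Split a comma-separated attribute that may wrap across lines."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_server_xml(xml_text):
    """Return a list of findings for the SSL connector(s) in server.xml."""
    try:
        root = ET.fromstring(xml_text)  # the parser drops comments
    except ET.ParseError as exc:
        # Also catches an unreplaced <SPECROOT> or stray text inside the element.
        return [f"server.xml is not well-formed: {exc}"]
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ["no active SSL connector found (is it still commented out?)"]
    findings = []
    for conn in connectors:
        port = conn.get("port")
        protocols = split_list(conn.get("sslEnabledProtocols"))
        extra = sorted(set(protocols) - ALLOWED_PROTOCOLS)
        if not protocols:
            findings.append(f"port {port}: sslEnabledProtocols is not set")
        elif extra:
            findings.append(f"port {port}: protocols outside policy: {extra}")
        cbc = [s for s in split_list(conn.get("ciphers")) if "_CBC_" in s]
        if cbc:
            findings.append(f"port {port}: {len(cbc)} CBC (non-AEAD) suite(s) enabled")
        if conn.get("keystorePass") == "changeit":
            findings.append(f"port {port}: keystorePass is the sample value 'changeit'")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_server_xml(SAMPLE)))
```

To check a real installation, pass the contents of $SPECROOT/tomcat/conf/server.xml to audit_server_xml() instead of SAMPLE; an empty list means none of these checks fired.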