This article provides a step-by-step walkthrough for SSL (Secure Sockets Layer) setup on the Spectrum OneClick web server and the OneClick WebApp.
Release : 20.2
Component : Spectrum OneClick
Configure OneClick for Secure Sockets Layer
1. Open a bash shell (bash -login) on the Spectrum OneClick web server machine.
2. Navigate to the $SPECROOT/Java/bin/ directory.
3. Run the following command to add the tomcatssl alias to the cacerts keystore file:
$ ./keytool.exe -genkey -alias tomcatssl -keyalg RSA -keystore c:/win32app/Spectrum/custom/keystore/cacerts
OR
$ ./keytool.exe -genkey -alias tomcatssl -keyalg RSA -keystore ../../custom/keystore/cacerts
4. The default keystore password is "changeit" (without the quotes).
5. In the "What is your first and last name?" field supply the OneClick FQDN (Fully Qualified Domain Name).
6. Supply the other information, similar to the screenshot below:
Export the self-signed certificate so you can import it into the browser for Step 14.
$ ./keytool -export -alias tomcatssl -keystore ../../custom/keystore/cacerts -rfc -file tomcatssl.crt
7. Shut down the OneClick web server.
cd $SPECROOT/tomcat/bin/
./stopTomcat.sh
8. Open the $SPECROOT/tomcat/conf/server.xml file in your preferred text editor. (Take a backup before modifying it.)
9. Locate the following section in the server.xml file and uncomment it. Then replace the <SPECROOT> variable in the value of the keystoreFile attribute with the fully qualified path to the directory where DX Spectrum is installed.
10. Save and close the server.xml file.
11. Start the OneClick web server.
cd $SPECROOT/tomcat/bin/
./startTomcat.sh
12. Supply the following in the browser:
https://<OneClick_hostname>:<port>/spectrum
https://<OneClick_hostname>:443/spectrum
Then click on "Continue to this website (not recommended)."
13. Click on the Certificate error, or double-click the exported tomcatssl.crt file from step 6 once it has been copied to the local machine.
14. Click on View certificates.
15. Click on Install Certificate.
16. Select Local Machine and click on Next button.
17. Select "Place all certificates in the following store" and click on Browse button.
18. Select "Trusted Root Certification Authorities" and click on the OK button.
19. Click on the Next button.
20. Click on the Finish button.
21. Click on the OK button.
22. Click on the OK button.
23. Close the browser, and launch it again.
Supply the following in the browser:
https://<OneClick_hostname>:<port>/spectrum
https://<OneClick_hostname>:443/spectrum
There should now be no certificate error.
Click on the OneClick WebApp.
24. A new tab opens with the following error message:
25. Open the $SPECROOT/tomcat/conf/server.xml file, copy the HTTPS connector section, and paste it into the $SPECROOT/webtomcat/conf/server.xml file, so that the WebApp listens on its own port and does not conflict with the standard OneClick Tomcat SSL port.
Copy rows 11 to 37 of the $SPECROOT/tomcat/conf/server.xml file.
Paste them at row 146 of the $SPECROOT/webtomcat/conf/server.xml file. The copied section should sit between the </Engine> and </Service> tags.
Change the port number from 443 to 7443. Avoid using port 9443, as that port is already in use.
26. Save and close the server.xml file.
27. Stop and start the SpectrumWebTomcat service.
28. Launch the OneClick WebApp again. It should now open successfully.
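After steps 9 and 25 it is easy to leave the <SPECROOT> placeholder in place or to paste the WebApp connector with the same port as the OneClick one. The following consistency check over both server.xml files is an added example, not Spectrum's own tooling; it assumes the SSL Connector uses either the classic keystoreFile attribute or Tomcat 9's SSLHostConfig/Certificate layout, and the sample fragments are constructed rather than the shipped files.

```python
"""Consistency check for the OneClick and WebApp Tomcat SSL connectors (added example)."""
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = "<SPECROOT>"   # literal that step 9 tells you to replace with the install path
RESERVED_PORTS = {9443}      # the article says not to reuse 9443 for the WebApp connector

def ssl_connectors(server_xml: str) -> list[dict]:
    """Port and keystore of each SSLEnabled Connector (classic or SSLHostConfig layout, assumed)."""
    found = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        keystore = conn.get("keystoreFile")
        if keystore is None:
            cert = conn.find("./SSLHostConfig/Certificate")
            keystore = cert.get("certificateKeystoreFile") if cert is not None else None
        found.append({"port": int(conn.get("port", "0")), "keystore": keystore})
    return found

def check_instance(name: str, server_xml: str) -> tuple[list[str], list[dict]]:
    """Problems found in one server.xml plus its SSL connectors (empty if unparseable)."""
    live = re.sub(r"<!--.*?-->", "", server_xml, flags=re.S)  # commented-out template is harmless
    if PLACEHOLDER in live:
        return [f"{name}: {PLACEHOLDER} was uncommented but not replaced; Tomcat will reject the file"], []
    try:
        conns = ssl_connectors(server_xml)
    except ET.ParseError as exc:
        return [f"{name}: server.xml is not well-formed XML ({exc})"], []
    problems = [] if conns else [f"{name}: no SSLEnabled Connector (section still commented out?)"]
    for c in conns:
        if c["port"] in RESERVED_PORTS:
            problems.append(f"{name}: port {c['port']} is reserved; use another, e.g. 7443")
    return problems, conns

def check_oneclick_ssl(tomcat_xml: str, webtomcat_xml: str) -> list[str]:
    """Check both files; an empty list means the two SSL connectors do not conflict."""
    p1, tomcat = check_instance("tomcat", tomcat_xml)
    p2, webtomcat = check_instance("webtomcat", webtomcat_xml)
    shared = {c["port"] for c in tomcat} & {c["port"] for c in webtomcat}
    return p1 + p2 + [f"both instances bind SSL port {p}; change the WebApp copy" for p in sorted(shared)]

# Constructed samples (not the real Spectrum files): a correct pair, and a WebApp paste left on 443.
CONNECTOR = ('<Server><Service><Connector port="{port}" SSLEnabled="true" scheme="https" secure="true" '
             'keystoreFile="C:/win32app/Spectrum/custom/keystore/cacerts" keyAlias="tomcatssl"/></Service></Server>')
GOOD_PAIR = (CONNECTOR.format(port=443), CONNECTOR.format(port=7443))
BAD_PAIR = (CONNECTOR.format(port=443), CONNECTOR.format(port=443))

if __name__ == "__main__":
    print(check_oneclick_ssl(*BAD_PAIR))
```

Run it against the real files by reading both server.xml files into strings and passing them to check_oneclick_ssl.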
To list the tomcatssl entry in the keystore, or to delete it so it can be regenerated:
$ ./keytool.exe -v -list -keystore ../../custom/keystore/cacerts -alias tomcatssl
$ ./keytool.exe -delete -alias tomcatssl -keystore ../../custom/keystore/cacerts
1. Rename cacerts file under $SPECROOT\custom\keystore to cacerts.orig
2. Copy cacerts file from $SPECROOT\Java\jre\lib\security to $SPECROOT\custom\keystore
3. Rerun the keytool command.
If the cacerts file has only one entry, follow the KB article below to recover the original cacerts file, and then add the tomcatssl alias.
https://knowledge.broadcom.com/external/article?articleId=129913
Ensure the OOB (out-of-the-box) cacerts file ($SPECROOT/Java/jre/lib/security/cacerts) is not empty.