Moogsoft Docs

Configuring SSL in CA Spectrum

SSL Configurations

To configure the SSL connection in CA Spectrum, proceed as follows:

  1. Shut down the OneClick web server.
  2. Open $SPECROOT/tomcat/conf/server.xml in your preferred text editor.

    Note

    The general paths for the $SPECROOT are as follows:

    • Windows C:/win32app/SPECTRUM

    • Linux /usr/SPECTRUM

    The above paths may vary depending on where you have installed CA Spectrum.

  3. Locate the following section in the server.xml file:


    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
        <!--
        <Connector
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" ssl_enabled=yes
               keystoreFile="<SPECROOT>/custom/keystore/cacerts"
               keystorePass="changeit">
         </Connector>
        -->
  4. Remove the comments around the Connector definition. Perform the following actions:
    1. Remove "<!--" from the line preceding <Connector.
    2. Remove "-->" from the end of the section (after </Connector>).
  5. Replace the <SPECROOT> variable in the value for the keystoreFile attribute with the fully qualified path to the directory where CA Spectrum is installed. You can use the cacerts file for the keytool commands to generate the certificates. See the following examples:
    • Windows C:/win32app/SPECTRUM/custom/keystore/cacerts

    • UNIX /usr/SPECTRUM/custom/keystore/cacerts

  6. Enter the desired keystorePass. Use the same password when you generate the certificate files in the steps below.

  7. Save and close the server.xml file.
  8. On the OneClick web server host, navigate to the $SPECROOT/Java/bin directory.
  9. Generate a private self-signed certificate in the custom cacerts file by issuing the following command:


    ./keytool -genkey -alias tomcatssl -keyalg RSA -keystore /usr/SPECTRUM/custom/keystore/cacerts


    The keytool prompts with a series of questions and uses the values that you specify to perform the following actions:

    • Create an issuer name for your organization (This name is an X.500 Distinguished Name that is intended to be unique across the Internet. For more information, see the keytool utility at http://java.sun.com ).
    • Generate the self-signed certificate using the issuer name.

      If the keystore is not saved to $SPECROOT/custom/keystore, it is overwritten during an upgrade.

  10. Enter your answers to the following questions:


    Enter keystore password:
    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your organization?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit?

    For the question "What is your first and last name?", enter the FQDN of the CA Spectrum server.

  11. After you answer the questions above, keytool displays your answers and asks whether they are correct. Enter Yes.

  12. Enter the key password that is mentioned in the $SPECROOT/tomcat/conf/server.xml configuration file.

    Note

    If you change the default password for the Tomcat web server, specify the custom password in the $SPECROOT/tomcat/conf/server.xml configuration file.
  13. Restart the OneClick Tomcat service.
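
The edits from steps 4 to 6 can be checked before the restart. The following script is an added example, not part of the original page or of CA Spectrum. It reads the text of server.xml and reports a Connector that is still commented out, a leftover <SPECROOT> placeholder, a keystore outside $SPECROOT/custom/keystore, and a keystorePass left at the template value. The function name, the sample password and the choice to flag "changeit" are assumptions made for this example.

```python
import re

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# Quoted values may contain '>' (the template's "<SPECROOT>"), so step over them.
CONNECTOR = re.compile(r'<Connector\b((?:"[^"]*"|[^>"])*)>')
ATTR = re.compile(r'([\w.-]+)\s*=\s*"([^"]*)"')


def check_ssl_connector(server_xml, specroot):
    """Return a list of findings for the HTTPS Connector; empty means it passed."""
    active = COMMENT.sub("", server_xml)  # ignore everything still commented out
    connectors = [dict(ATTR.findall(m.group(1))) for m in CONNECTOR.finditer(active)]
    https = [c for c in connectors if c.get("scheme") == "https"]
    if not https:
        return ["no active HTTPS Connector (still commented out or missing)"]
    conn, findings = https[0], []
    keystore = conn.get("keystoreFile", "").replace("\\", "/")
    expected_dir = specroot.replace("\\", "/").rstrip("/") + "/custom/keystore/"
    if "SPECROOT" in keystore:
        findings.append("keystoreFile still contains the <SPECROOT> placeholder")
    elif not keystore.startswith(expected_dir):
        findings.append("keystoreFile is outside %s and is overwritten on upgrade"
                        % expected_dir)
    # Assumption of this example: the template password counts as a finding.
    if conn.get("keystorePass", "") in ("", "changeit"):
        findings.append("keystorePass is empty or still the template value")
    return findings


# Constructed sample: the page's template with steps 4-6 applied on Linux.
EDITED = """
<Connector port="443" scheme="https" secure="true" clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/usr/SPECTRUM/custom/keystore/cacerts"
           keystorePass="constructed-example-pass">
</Connector>
"""
# Constructed sample: comment markers removed, but steps 5 and 6 skipped.
HALF_DONE = EDITED.replace("/usr/SPECTRUM", "<SPECROOT>").replace(
    "constructed-example-pass", "changeit")
# Constructed sample: step 4 not done, Connector still inside the comment.
COMMENTED = "<!--" + EDITED + "-->"

if __name__ == "__main__":
    for name, text in [("edited", EDITED), ("half done", HALF_DONE),
                       ("commented", COMMENTED)]:
        print(name, "->", check_ssl_connector(text, "/usr/SPECTRUM") or "OK")
```

Run it against the contents of $SPECROOT/tomcat/conf/server.xml before restarting the OneClick Tomcat service in step 13.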