Moogsoft Docs

Configuring SSL in CA Spectrum

SSL Configurations

To configure the SSL connection in CA Spectrum proceed as follows:

  1. Shut down the OneClick web server.
  2. Open $SPECROOT/tomcat/conf/server.xml in your preferred text editor.


    The general paths for the $SPECROOT are as follows:

    • Windoow C:/win32app/SPECTRUM


    The above path may vary depending upon where you have installed CA Spectrum

  3. Locate the following section in the server.xml file:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" ssl_enabled=yes
  4. Remove the comments around the Connector definition. Perform the following actions:
    1. Remove "<!--" from the line preceding to <Connector.
    2. Remove "-->" from the end of the section (after </Connector>).
  5. Replace the < SPECROOT > variable in the value for the keystoreFile attribute with the fully qualified path to the directory where CA Spectrum is installed. You can use the cacerts file for the keytool commands to generate the certificates. Verify the following examples:
    • Windows C:/win32app/SPECTRUM/custom/keystore/cacerts

    • UNIX /usr/SPECTRUM/custom/keystore/cacerts

  6. Enter the desired keystorePass, use the same password entered here during the generation of the certificate files in the below steps.

  7. Save and close the server.xml file.
  8. On the OneClick web server host, navigate to the $SPECROOT /Java/bin directory.
  9. Generate a private self-signed certificate in the custom cacerts file by issuing the following command:

    ./keytool -genkey -alias tomcatssl -keyalg RSA -keystore /usr/SPECTRUM/custom/keystore/cacerts

    The keytool prompts with a series of questions and uses the values that you specify to perform the following actions:

    • Create an issuer name for your organization (This name is an X.500 Distinguished Name that is intended to be unique across the Internet. For more information, see the keytool utility at ).
    • Generate the self-signed certificate using the issuer name.

      In case the keystore is not saved to $SPECROOT/custom/keystore, it is overwritten during an upgrade.

  10. Enter your answers to the following questions:

    Enter keystore password:
    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your organization?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit?

    For the question What is your first and last name? , enter the FQDN of the CA Spectrum server

  11. After entering the answers to above questions, the Keytool shows all the answers and asks if it is correct, Enter Yes.

  12. Enter the key password that is mentioned in the $SPECROOT /tomcat/conf/server.xml configuration file.


    If you change the default password for the Tomcat web server, specify the custom password in the $SPECROOT /tomcat/conf/server.xml configuration file
  13. Restart the OneClick tomcat service.