Use > Hardening > Enabling Secure Sockets Layer (SSL) Communication > Configure SSL Support for the UCMDB Browser

Configure SSL Support for the UCMDB Browser

Note The instructions provided here are relevant to UCMDB Browser version 1.95. If you are using a later version of the UCMDB Browser that has been upgraded separately from the rest of the UCMDB product suite, see the section on configuring SSL support in the Universal CMDB Browser Installation and Configuration Guide for that version.

To install and configure SSL support on Tomcat:

  1. Create a keystore file to store the server's private key and self-signed certificate by executing one of the following commands:

    • For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

    • For Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

    For both commands, use the password value changeit (for all other fields in the console dialog that opens, you can use any value).

  2. Remove comments from the entry SSL HTTP/1.1 Connector in $CATALINA_BASE/conf/server.xml, where $CATALINA_BASE is the directory in which you installed Tomcat.

    Note For a full description on how to configure server.xml to use SSL, see the Apache Tomcat official site: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

  3. Restart the Tomcat server.

To use the HTTPS protocol for connection to the UCMDB server:

  1. In ucmdb_browser_config.xml, assign the value https to the tag<protocol> and assign the UCMDB server HTTPS port value (8443 by default) to the tag <port>.
  2. Download the UCMDB Server public certificate to the UCMDB Browser machine (if you use SSL on the UCMDB-Server, the UCMDB administrator can provide you with this certificate), and import it into the cacerts trust store on the JRE that is going to connect to the server by executing the following command:

    "%JAVA_HOME%\bin\keytool" -import -alias ucmdb -trustcacerts -file <UCMDB-Server-certificate-file> -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

    where <UCMDB-Server-certificate-file> is the full path to the UCMDB Server public certificate file.

  3. Restart the Tomcat server.