Enable SSL with a Client Certificate - Configuration Manager

If the certificate used by the Configuration Manager Web server is issued by a well-known Certificate Authority (CA), your Web browser can most likely validate the certificate without any further action.

If the CA is not trusted by the server trust store, import the CA certificate into the server trust store.

The following example demonstrates how to import the self-signed hpcert certificate into the server trust store (cacerts).

To import a certificate into the server trust store:

  1. On the client machine, locate and rename the hpcert certificate to hpcert.cer.

  2. Copy hpcert.cer to the server machine in the <Configuration_Manager_installation_directory>\java\windows\x86_64\bin folder.

  3. On the server machine, import the CA certificate into the trust store (cacerts) using the keytool utility with the following command:

    <Configuration_Manager_installation_directory>\java\bin\keytool.exe -import -alias hp -file hpcert.cer -keystore ..\lib\security\cacerts

  4. Modify the server.xml file (located in the <Configuration_Manager_installation_directory>\servers\server-0\conf folder) as follows:

    1. Make the changes described in Modify the server.xml File.
    2. Right after those changes, add the following attributes to the HTTPS connector:

      truststoreFile="../../java/lib/security/cacerts"
      truststorePass="changeit" />

    3. Set clientAuth="true".

  5. Verify the server security as described in Verify the Server Security.
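
A check for the result of step 4, as an added example that is not part of the product documentation: it parses a server.xml and reports, for each HTTPS connector, whether clientAuth and the trust store attributes are set as described above. The sample XML, the port numbers and the function name audit_https_connectors are constructed for illustration; the real connector also carries the attributes from Modify the server.xml File.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the product's shipped server.xml: port 8443 is set up
# as in the steps above, port 9443 has the trust store but clientAuth="false".
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true"
               truststoreFile="../../java/lib/security/cacerts"
               truststorePass="changeit" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false"
               truststoreFile="../../java/lib/security/cacerts"
               truststorePass="changeit" />
  </Service>
</Server>
"""


def audit_https_connectors(server_xml: str) -> dict:
    """Return {port: [findings]} for every HTTPS connector in server.xml."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_https = (conn.get("SSLEnabled", "").lower() == "true"
                    or conn.get("scheme", "").lower() == "https")
        if not is_https:
            continue  # plain HTTP connectors never request a client certificate
        findings = []
        # Only "true" makes the handshake fail without a client certificate;
        # "want" or "false" still lets clients connect without one.
        if conn.get("clientAuth", "false").lower() != "true":
            findings.append("clientAuth is not 'true'")
        if not conn.get("truststoreFile"):
            findings.append("truststoreFile is not set")
        # "changeit" is the well-known default password of the JRE cacerts file.
        if conn.get("truststorePass") == "changeit":
            findings.append("truststorePass is the default 'changeit'")
        report[conn.get("port", "?")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_https_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

An empty findings list for a port means that connector requires a client certificate and validates it against an explicitly configured trust store with a non-default password.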