Setting up SSL between a web browser and Tomcat Web Server

This procedure describes how to set up SSL between a web browser and Tomcat Web Server. The following steps assume you are using an SSL certificate from a Certificate Authority and you are using the Tomcat Web Server provided with Control-M/EM.

To set up SSL between a Web browser and Tomcat Server:

  1. Create a certificate keystore by running one of the following commands:

    NOTE: You need to use the password at a later stage to configure the web server server.xml file. Type the information when prompted and press Enter for the certificate password, which sets the same certificate password as the keystore. You might want to use the company's domain name under the NAME field. For example, www.bmc.com.

    The keystore file tomcat.keystore is created under $JAVA_HOME/bin/ by default, if no file path is specified.

  2. Create a Certificate Signing Request (CSR) from the keystore generated in step 1.
  3. Replace the following CSR certificate filename:

    $JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias tomcat -keystore tomcat.keystore -file <yourcertificatname>.csr

  4. Send the CSR file to a Certificate Authority (CA) to obtain the root certificate and and get a new SSL certificate from CA.
  5. Import the Root certificate from CA to the keystore.
  6. If an Intermediate or chain CA certificate is provided by CA, import the intermediate CA certificate instead:

    $JAVA_HOME/bin/keytool -import -trustcacerts -alias root -keystore tomcat.keystore -file <path/to/the/CA.cert>

  7. Import the new SSL certificate from CA to the keystore:

    $JAVA_HOME/bin/keytool -import -alias tomcat -keystore tomcat.keystore -file <path/to/the/ssl_cert.cer>

  8. (Optional) Confirm the keystore content by typing the following command:

    $JAVA_HOME/bin/keytool -list -v -keystore tomcat.keystore > output_filename

  9. Continue with Configuring secure communication between web application and web server.

Parent Topic

Application Integrator configuration