Configuring SSL on Control-M Web Server with the default certificate

This procedure describes how to configure SSL between Control-M client applications and the Control-M Web Server using the default certificate signed by BMC. This SSL configuration occurs in zone 1. During Control-M/EM installation a CA certificate and a self-signed certificate that is signed by this CA certificate is generated for the Control M Web Tomcat server. These certificates and the generated private key and are saved in the tomcat.p12 keystore file, located in <EM home directory>/ini/ssl.

To configure SSL for Control-M Web Server:

1. Type the following command:

   manage_webserver

2. Do the following:
   1. Turn on SSL mode, by doing the following:
      1. Press 1 to display the Tomcat configuration.
      2. Press 4 to display SSL mode.
      3. Set the current configuration for using SSL to [true]
   2. Update the keystore password, as follows:
      1. Press 3 to display Secure Connector Configuration.
      2. Press 3 to edit the SSL Connector
      3. Select the connector to edit.
      4. Press 9 to update the keystore password
3. Restart the Web Server by typing the following commands:
   • stop_web_server
   • start_web_server
4. Recycle the GUI Server and the CMS.
5. Extract the CA certificate from tomcat.p12 using the following command:

   openssl pkcs12 -in <EM_HOME>/ini/ssl/tomcat.p12 -info

6. Extract the Root certificate and store it in a text file on a Windows computer that is used to access Control-M Web with a .crt extension.
7. Double click on the .crt file and select Install Certificate and continue with the Local Machine option and then place the certificate in the Trusted Root Certificate Authorities.