Configuring Control-M/EM Web Server to work with HTTPS

This procedure describes how to configure Control-M/EM Web Server to work with HTTPS, which secures data between the web browser and the web server.

Control-M/EM Web Server is Apache Tomcat Web Server.

To work with HTTPS, you must have a trusted certificate. If you generate your own certificate, you must add to the trusted zone so Microsoft Silverlight will recognize your site.

The Control-M/EM Web Server provides a DEMO certificate signed by the DEMO CA of Control-M. The DEMO CA of Control-M, which certifies the DEMO Certificate, is not trusted by the Web browser. The Web browser issues a warning message informing you not to browse to this site, because the DEMO CA is not trusted by the Web browser. If you continue, you will receive a certificate error notification.

BMC Software recommends that you replace the demo certificate with a certificate signed by a known CA in your organization.

To configure Control-M/EM Web Server to work with HTTPS:

1. Create a certificate keystore by running one of the following commands:
   • Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore -storepass {password}
   • UNIX: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore -storepass {password}

   For information on creating a keystore for use with the Tomcat Web Server, see Exporting or importing private/public keys. The alias_for_the_entry variable must be tomcat.

2. Edit one of the following files:
   • Windows: {CONTROL-M/EM}\{Instance}\emweb\tomcat\conf\server.xml
   • UNIX: {CONTROL-M/EM}/ctm_em/etc/emweb/tomcat/conf/server.xml

   If you change the password or change the keystore file name change the keystorePass and keystoreFile attributes, as shown in the example below:

3. In the server.xml file, navigate to the following xml content.

   <!-- A "Connector" represents an endpoint by which requests are received

   ...

   ...
   -->

4. Add the following xml content after the above content.

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

   maxThreads="150" scheme="https" secure="true"

   clientAuth="false" sslProtocol="TLS"

   keystoreFile="conf/tomcat.keystore"

   keystorePass="{password}" />

   The value of the keystorePass parameter for the demo certificate is emdemo.

   For an example of this configuration, open the server.xml.HTTPS file.