Configuring secure communication between web application and web server

This procedure describes how to configure Control-M/EM Web Server to work with HTTPS, which secures data between the web browser and the web server.

NOTE: Control-M/EM Web Server is an Apache Tomcat Web Server.

The Control-M/EM Web Server provides a DEMO certificate signed by the DEMO CA of Control-M. The DEMO CA of Control-M, which certifies the DEMO Certificate, is not trusted by the Web browser. The Web browser issues a warning message informing you not to browse to this site, because the DEMO CA is not trusted by the Web browser. If you continue, you will receive a certificate error notification. BMC Software recommends that you replace the demo certificate with a certificate signed by a known CA in your organization.

To configure Control-M/EM Web Server to work with HTTPS:

1. Edit one of the following files depending on your operating system:
   • Windows: {CONTROL-M/EM}\{Instance}\emweb\tomcat\conf\server.xml
   • UNIX: {CONTROL-M/EM}/ctm_em/etc/emweb/tomcat/conf/server.xml

   In the server.xml file, navigate to the following xml content. The connector must point to the correct key store and correct password.

   <!-- A "Connector" represents an endpoint by which requests are received

   ...

   ...
   -->

   Add the following xml content after the above content.

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

   maxThreads="150" scheme="https" secure="true"

   clientAuth="false" sslProtocols="TLSv1, TLSv1.1, TLSv1.2"

   keystoreFile="conf/tomcat.keystore"

   keystorePass="{password}" />

   For an example of this configuration, open the server.xml.HTTPS file.

2. In the Control-M Configuration Manager, recycle the Control-M Web Server.

   To redirect HTTP to HTTPS, see Redirecting HTTP to HTTPS.