How to configure Endpoint Management to use SSL

Document ID:  TEC1198076
Last Modified Date:  07/16/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Privileged Identity Manager

Releases

  • CA Privileged Identity Manager:Release:12.8
  • CA Privileged Identity Manager:Release:12.9
  • CA Privileged Identity Manager:Release:14

Components

  • CA ControlMinder:SEOSWG
  • CA ControlMinder - NT:SEOSNT
Introduction:

When Endpoint Management is installed standalone/without the ENTM, it is not configured to use SSL.

This document demonstrates how to configure the Endpoint Management web front end to use SSL/HTTPS

Instructions:

1) Generate a new self-signed certificate for Endpoint Management. In a command prompt run, where <JDK> is the location where the jdk used by jboss is installed, e.g. C:\jdk1.7.0.

 

keytool -genkey -alias acem -keyalg RSA -validity 365 -keystore <JDK>\jre\lib\security\cacerts 

 

When prompted for a password, the password is:  

changeit 

 

Follow the prompts to create the certificate for you and your organization. 

 

2) Edit <jboss>\server\default\deploy\jboss-web.deployer\server.xml 

 

Find the following: 

 

<!-- 

<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" 

maxThreads="150" scheme="https" secure="true" 

clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/> 

--> 

 

Uncomment it and point it towads the keystore from step 1. It should look like the following where <JDK> is the location where the jdk used by jboss is installed, e.g. C:/jdk1.7.0. Please note that you should use forward slashes (/) instead of backslashes (\) in paths: 

 

<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" 

maxThreads="150" scheme="https" secure="true" 

clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" 

keystoreFile="<JDK>/jre/lib/security/cacerts" keystorePass="changeit"/> 

 

3) Stop the jboss service 

 

4) Delete <jboss>\server\default\tmp and <jboss>\server\default\work 

 

5) Start the jboss service

 

6) When jboss is started, go to https://<server>:18443/acem/ in a browser

 

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >