Secure CA Web Administrator Using SSL.

Document ID:  TEC510772
Last Modified Date:  03/26/2013
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Web Administrator for Top Secret
  • CA Top Secret
  • CA Top Secret for z/OS
  • CA Top Secret Option for DB2
  • CA Web Administrator for ACF2 for z/OS

Components

  • CA WEB ADMINN FOR TOP SECRET:TSSWEB

Description:

How do you configure CA Web Administrator to use SSL?

Solution:

SSL setup must be configured in:

  1. CA LDAP for Top Secret

  2. CA Web Administrator

Here is the flow, when using CA Web Administrator:

Browser --> CA Web Administrator Server --> CA Top Secret LDAP --> CA Top Secret.

or

CA Top Secret --> CA Top Secret LDAP --> Web Admin Server --> Browser.

CA Web Adminstrator uses Tomcat to communicate with CA LDAP for Top Secret and needs to be configured to use SSL. Please see the following instructions to setup Tomcat to use SSL:

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

  1. Documents how to create the keystore, which will hold the digital certificate used to connect to CA Top Secret LDAP.

  2. Documents how to put a digital certificate into the keystore.

  3. Documents how to configure Tomcat to use a SSL connection by modifying the Tomcat config file.

Please refer to the CA LDAP Administrator Guide for details on configuring it to use SSL.

If the CA LDAP Server for Top Secret is setup to do SSL using a Keyring and a 3rd party certificate, update the slapd.conf file with the necessary entries:

 hosturls ldap://:389 ldaps://:636 
 TLSKeyringName       NDMTRING                                              '

"NDMTRING" would be your keyring label name.

There is a parameter in the slapd.conf file to tell CA LDAP whether to do client/server SSL or just server SSL.

 TLSVerifyCLient No  <--Server SSL 
 TLSVerifyClient Yes <--Client/Server SSL 

For additional information please refer to the CA LDAP Administrator Guide, which documents how to setup the CA LDAP server to use SSL.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >