In this example we will create a self-signed certificate. In a production environment, you should consider buying a signed certificate from a trusted SSL service provider such as VeriSign, or signing it with your own CA server.
1) Use the keytool command to create a self-signed certificate:

    keytool -genkey -alias fom -keyalg RSA -keystore /home/tibco/keystore/fomkeystore

This creates fomkeystore in the /home/tibco/keystore folder.
2) To check certificate details:

    keytool -list -keystore /home/tibco/keystore/fomkeystore
3) In $AF_HOME/apache-tomcat-7.0.42/conf/server.xml we can find the following section:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

We have to uncomment the Connector element and add the keystore information:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/tibco/keystore/fomkeystore"
               keystorePass="tibco123"/>

Here keystorePass="tibco123" is the password we assigned to the keystore with the keytool command.
4) In this example, we use Firefox to access the omsui site configured for SSL, and we get a "not trusted" page (attached browserNotsecure.png). This is caused by the self-signed certificate.
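
A check that can be run against the server.xml from step 3, as an added example that is not part of the original page: it lists each active SSL connector and flags a cleartext keystorePass or reliance on Tomcat's default keystore settings. The function names and the sample XML are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connector from step 3 (not a real server.xml).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8443" SSLEnabled="true" scheme="https" /> -->
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/tibco/keystore/fomkeystore"
               keystorePass="tibco123"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return {port: [findings]} for every active (uncommented) SSL connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        findings = []
        if conn.get("keystoreFile") is None:
            findings.append("no keystoreFile: Tomcat falls back to ~/.keystore")
        if conn.get("keystorePass") is None:
            findings.append("no keystorePass: Tomcat falls back to 'changeit'")
        else:
            findings.append("keystorePass is stored in cleartext in server.xml")
        report[conn.get("port")] = findings
    return report


def exposed_to_other_users(path):
    """True if group or other has any permission bit set on path."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        for finding in findings:
            print(f"connector {port}: {finding}")
```

Because the keystore password sits in server.xml, both that file and the keystore itself should return False from exposed_to_other_users.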