42.7 Updating the SSL Settings in the Configuration Utility

On Linux, the installer automatically configures the SSL settings. If required, you can modify the values using the configuration utility. Ensure that Tomcat is stopped.

systemctl stop netiq-tomcat.service

On Windows, when you install the identity applications and Identity Reporting, you should specify https for the communication method. For example, Protocol. However, after installation, you can use the ConfigUpdate utility to ensure that the applications communicate with SSL. For more information about these parameters, see Configuring the Settings for the Identity Applications in the NetIQ Identity Manager Setup Guide for Linux or Configuring the Settings for the Identity Applications in the NetIQ Identity Manager Setup Guide for Windows.

To update the SSL settings:

  1. Stop Tomcat.

  2. Navigate to the RBPM Configuration utility, located by default in the installation directory for the identity applications.

    Linux: /opt/netiq/idm/apps/configupdate

    Windows: C:\NetIQ\idm\apps\UserApplication

  3. At the command prompt, use one of the following methods to run the configuration utility:

    • Linux: ./configupdate.sh

    • Windows: configupdate.bat

    NOTE: You might need to wait a few minutes for the utility to start up.

  4. (Conditional) If you configure SSL in the configupdate utility, navigate to the Authentication tab and replace all the references mentioned in the SSO Clients tab.

    https://<IP address>:<SSL Port number>

    For example,

    https://192.168.0.1:8543

  5. Click Authentication > Show Advanced Options, and then modify the following settings:

    OAuth server TCP port

    Specifies the port for the authentication server.

    OAuth server is using TLS/SSL

    Specifies that you want the authentication server to use TLS/SSL protocol for communication.

    Optional TLS/SSL keystore file

    Specifies the path and filename of the Java JKS keystore file that contains the authentication server trust certificate. This parameter applies when the authentication server uses TLS/SSL protocol, and the trust certificate for the authentication server is not in the JRE trust store (cacerts).

    Optional TLS/SSL keystore password

    Specifies the password used to load the keystore file for the TLS/SSL authentication server.

    OAuth keystore file

    Specifies the path to the Java JKS keystore file you want to use for authentication. The keystore file must contain at least one public/private key pair.

    OAuth keystore file password

    Specifies the password used to load the OAuth keystore file.

    Key alias of key for use by OAuth

    Specifies the name of the public/private key pair in the OSP keystore file that you want to use for symmetric key generation.

    Key password of key for use by OAuth

    Specifies the password for the private key used by the authentication server.

  6. Click SSO Clients.

  7. Update all of the URL settings, such as URL link to landing page and OAuth redirect URL.

    These settings specify the absolute URL to which the authentication server directs a browser client when authentication is complete.

    Use the following format: https://DNS_name:sslport/path. For example, https://nqserver.testsite:8543/landing/com.netiq.test.

  8. Save the changes in the configuration utility.
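
Before saving, the keystore alias from Step 5 and the URLs from Steps 4 and 7 can be checked from the shell. The following is an added example, not part of the NetIQ documentation; the function names, the aliases osp and root-ca, the KS_PASS variable, and the sample keytool listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-save checks for values entered in the configuration utility.

# Succeeds if the `keytool -list` output on stdin shows a PrivateKeyEntry
# (a public/private key pair) for alias $1. keytool prints JKS aliases in lower case.
has_private_key_entry() {
    alias_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v a="$alias_lc" '
        index(tolower($0), a ", ") == 1 && /, PrivateKeyEntry,/ { found = 1 }
        END { exit !found }'
}

# Runs the check against a real keystore: $1 = keystore path, $2 = key alias.
# The keystore password is read from the environment variable KS_PASS (assumed name).
check_keystore() {
    keytool -list -keystore "$1" -storepass:env KS_PASS | has_private_key_entry "$2"
}

# Succeeds if $1 has the form https://host:port or https://host:port/path
# with a port between 1 and 65535.
valid_sso_url() {
    printf '%s\n' "$1" |
        grep -Eq '^https://[A-Za-z0-9.-]+:[0-9]{1,5}(/[^[:space:]]*)?$' || return 1
    port=${1#https://*:}      # drop scheme and host
    port=${port%%/*}          # drop path
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Constructed sample of `keytool -list` output (not from a real keystore).
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 2 entries

osp, Mar 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22
root-ca, Mar 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55'

printf '%s\n' "$SAMPLE_LISTING" | has_private_key_entry osp &&
    echo "osp: key pair present"

for u in 'https://nqserver.testsite:8543/landing/com.netiq.test' \
         'https://192.168.0.1:8543' \
         'http://nqserver.testsite:8080/landing'; do
    if valid_sso_url "$u"; then echo "ok   $u"; else echo "FIX  $u"; fi
done
```

A trustedCertEntry alias fails the key pair check because it holds only a certificate, which is the case the OAuth keystore file requirement rules out.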