42.6 Updating the SSL Settings for the Application Server

The installer automatically configures the application server that hosts the identity applications and Identity Reporting to support SSL communication. It creates the connector by default in the server.xml file, which is located by default in one of the following paths:

Linux: /opt/netiq/idm/apps/tomcat/conf/

Windows: C:\NetIQ\idm\apps\tomcat\conf

<Connector port="https_port" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="path_to_keystore_file" keystorePass="keystore_password" sslEnabledProtocols="TLSv1.2" />

where:

keystoreFile

Specifies the path to the keystore file, for example, the idmapps.keystore file. Place the file in the respective directory for your platform:

Linux: /opt/netiq/idm/apps/tomcat/conf/

Windows: C:\NetIQ\idm\apps\tomcat\conf

keystorePass

Specifies the password for the idmapps.keystore file.

You must verify that the keystore password and the keystore file path are correct in the server.xml file.

To modify the values supplied by the installation, perform the following actions:

  1. Stop Tomcat.

    systemctl stop netiq-tomcat.service

  2. Navigate to the conf directory for Tomcat, located by default in the following directories:

    Linux: /opt/netiq/idm/apps/tomcat/conf/

    Windows: C:\NetIQ\idm\apps\tomcat\conf

  3. Ensure that you have a keystore file in the conf directory. For example, tomcat.ks on Linux or idmapps.keystore on Windows.

    If you create the keystore file after performing this procedure, ensure that you use the same file name that you provide in this procedure. For more information, see Creating a Keystore and Certificate Signing Request.

  4. In a text editor, open the server.xml file from the conf directory.

  5. Configure the SSL port for the Tomcat server.

    For example, the connector port for SSL is 8543.

    Also, update the redirectPort attribute of the non-SSL connector to 8543 so that plain HTTP requests are redirected to the SSL port, and save server.xml.

    For example:

    <Connector port="https_port" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="path_to_keystore_file" keystorePass="keystore_password" sslEnabledProtocols="TLSv1.2" />

  6. Start Tomcat.

    systemctl start netiq-tomcat.service
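The verification this section asks for (keystore path and password correct, TLSv1.2 only, redirectPort pointing at the SSL port) can be scripted before Tomcat is restarted. The following checker is an added example and is not part of the NetIQ documentation or product; the server.xml it parses is constructed for the example, the CATALINA_BASE directory and tomcat.ks file are throwaway placeholders, and "keystore_password" is treated as the unreplaced installer placeholder.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample server.xml: the HTTPS connector from this section plus a plain
# HTTP connector whose redirectPort must point at the SSL port (8543 here).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8180" protocol="HTTP/1.1" redirectPort="8543"/>
    <Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks"
               keystorePass="keystore_password" sslEnabledProtocols="TLSv1.2"/>
  </Service>
</Server>
"""

def check_server_xml(xml_text, catalina_base):
    """Return a list of findings; an empty list means the SSL settings look consistent."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    ssl_ports = {c.get("port") for c in ssl}
    for c in ssl:
        port = c.get("port")
        protos = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if protos != {"TLSv1.2"}:  # the installer enables TLSv1.2 only
            findings.append(f"port {port}: sslEnabledProtocols should be TLSv1.2 only, got {sorted(protos)}")
        ks = c.get("keystoreFile", "")
        # Tomcat resolves a relative keystoreFile against $CATALINA_BASE.
        ks_path = ks if os.path.isabs(ks) else os.path.join(catalina_base, ks)
        if not ks or not os.path.isfile(ks_path):
            findings.append(f"port {port}: keystoreFile {ks!r} not found")
        if c.get("keystorePass") in (None, "", "keystore_password"):
            findings.append(f"port {port}: keystorePass is unset or still the installer placeholder")
    # Every non-SSL connector must redirect to one of the SSL connector ports.
    for c in connectors:
        if c not in ssl and c.get("redirectPort") not in ssl_ports:
            findings.append(f"port {c.get('port')}: redirectPort {c.get('redirectPort')!r} is not an SSL connector port")
    return findings

def run_demo():
    """Check the constructed sample against a throwaway CATALINA_BASE holding a dummy keystore."""
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "conf"))
        with open(os.path.join(base, "conf", "tomcat.ks"), "wb") as f:
            f.write(b"constructed dummy keystore, not a real JKS")
        return check_server_xml(SAMPLE_SERVER_XML, base)
```

Run check_server_xml against the real server.xml and the Tomcat installation directory after editing and before starting Tomcat in step 6; the sample as written reports only that keystorePass is still the placeholder.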