48.4 Updating the SSL Settings for the Application Server

The application server that hosts the identity applications and Identity Reporting needs to be configured to support SSL communication. This section provides instructions for updating a Tomcat application server, which is the default application server. For more information about updating JBoss or WebSphere, see the documentation for that application.

  1. Stop the application server.

    For example, /etc/init.d/idmapps_tomcat_init stop.

  2. Navigate to the conf directory for Tomcat, located by default at /opt/netiq/idm/apps/tomcat/conf.

  3. Ensure that you have a keystore file in the /conf directory. For example, idmapps.keystore.

    If you create the keystore file after performing this procedure, ensure that you use the same file name that you provide in this procedure. For more information, see Section 48.5, Creating a Keystore and Certificate Signing Request.

  4. In a text editor, open the server.xml file in the conf directory.

  5. Add the following content to the server.xml file:

    <Connector port="port_number" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="path_to_file/filename.keystore" keystorePass="password" />

    For example:

    <Connector port="8643" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/netiq/idm/apps/tomcat/conf/idmapps.keystore" keystorePass="IDMks123" />

  6. Start the application server.

    For example, /etc/init.d/idmapps_tomcat_init start.
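
Before restarting Tomcat, the edited server.xml can be checked for the mistakes this procedure most often produces. The following script is an added example, not part of the product or its documentation; the function name audit_ssl_connectors and the sample server.xml are constructed for illustration, and the sample deliberately contains a misspelt protocol class and a password copied from the documentation.

```python
import os
import xml.etree.ElementTree as ET

# Protocol values Tomcat accepts for an HTTP connector (BIO, NIO, NIO2, APR).
KNOWN_PROTOCOLS = {"HTTP/1.1"} | {
    f"org.apache.coyote.http11.Http11{v}Protocol" for v in ("", "Nio", "Nio2", "Apr")}
# Values printed in the procedure; they must not survive into a live server.xml.
DOC_PASSWORDS = {"password", "IDMks123"}

def audit_ssl_connectors(server_xml, file_exists=os.path.isfile):
    """Return a list of findings for the SSL connectors in server.xml text."""
    findings = []
    root = ET.fromstring(server_xml)
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ['no Connector with SSLEnabled="true"']
    for c in ssl:
        port = c.get("port", "")
        tag = f"port {port or '?'}"
        if not port.isdigit():
            findings.append(f"{tag}: port is not numeric")
        if c.get("protocol", "HTTP/1.1") not in KNOWN_PROTOCOLS:
            findings.append(f"{tag}: unknown protocol class {c.get('protocol')}")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"{tag}: scheme/secure not set to https/true")
        ks = c.get("keystoreFile")
        if not ks or not file_exists(ks):
            findings.append(f"{tag}: keystore file missing: {ks}")
        if c.get("keystorePass") in DOC_PASSWORDS:
            findings.append(f"{tag}: keystorePass is a documentation value")
    return findings

# Constructed sample: misspelt protocol class and a password from the documentation.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8643" protocol="org.apache.coyote.http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/opt/netiq/idm/apps/tomcat/conf/idmapps.keystore"
    keystorePass="IDMks123" />
</Service></Server>"""

if __name__ == "__main__":
    for line in audit_ssl_connectors(SAMPLE):
        print(line)
```

To audit a real installation, pass the contents of the server.xml file from the Tomcat conf directory instead of SAMPLE; an empty list means none of these checks failed.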