Set up the
Performance Manager default standalone Web server (Tomcat) to use SSL (Secure Sockets Layer).
To enable secure communication with
Performance Manager:
-
Log on to the
Performance Manager server as an Administrator.
-
Stop all
Performance Manager services (application, chart, execution, and front-end servers).
-
To generate a unique certificate for your Tomcat Web server, execute the following command in the
Performance Manager Java directory:
C:\Program Files\Silk\Silk Performance Manager
19.0\lib\jre\bin\keytool -genkey -alias tomcat -keyalg RSA. Note: The
alias specifies the logical name in the keystore, for example
tomcat or
Silk.
For additional information on Keytool, refer to the
Java SE Technical Documentation.
-
Specify a keystore password value of
changeit.
If you desire to use a unique password, specify it here.
-
The keytool command prompt sequence will be similar to the following. Respond accordingly.
What is your first and last name?
[Unknown]: hostname (the name of the host as your users use it to access the system)
What is the name of your organizational unit?
[Unknown]: IT Department (if that is the group creating the certificate)
What is the name of your organization?
[Unknown]: Company Name
What is the name of your City or Locality?
[Unknown]: City
What is the name of your State or Province?
[Unknown]: State
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=xxxx, OU=xxxxxxx, O=xxxxxx, L=xxxxxxxxx, ST=xxxxx, C=xx correct?
[no]: Yes (These values will reflect what you entered previously)
Enter key password for <tomcat> same as keystore password
(RETURN if same as keystore password):
A file named
.keystore is generated in the profile folder of the user you are logged in with, for example
C:\Users\Administrator.
Note: By default Tomcat will look for your Keystore with the file name
.keystore in the home directory with the default password
changeit. The home directory is generally
/home/<username>/ on Unix and Linux systems, and
C:\Users\<username>\ on Microsoft Windows systems.
-
Move the
.keystore file to a safe location of your choice.
Note: On some operating systems, Tomcat may encounter problems if you use a location that contains space characters.
-
Edit the Tomcat configuration file:
Locate the
server.xml file in the
conf\frontendserver\conf subdirectory of the directory where
Performance Manager is installed.
-
Open the file in a text editor such as Notepad. Comment out the current
Connector entry and add the following text:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" minSpareThreads="25" URIEncoding="UTF-8" compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/xml"
debug="0" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keystorePass="changeit" keystoreFile="C:\<file location>\.keystore"/>
Note: Make sure that the path specified in the
keystoreFile parameter matches the location that you copied the
.keystore file to. If you choose to use a different password other than
changeit, you will need to add the
keystorePass parameter to the
server.xml file entry:
<Connector port="8443" minSpareThreads="25" URIEncoding="UTF-8" compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/xml"
debug="0" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keystorePass="newpassword" keystoreFile="C:\<file location>\.keystore"/>
For more information, visit the
Apache Tomcat 7 Documentation.
-
Optional: Change the
Port of the front-end server in the
<Connector> tag from
19120 to the desired port.
-
To enable BIRT reports on SSL environments, edit the registry key of the chart server in
HKEY_LOCAL_MACHINE\SOFTWARE\(Wow6432Node)\Apache Software Foundation\Procrun 2.0\SPMChartServer190\Parameters\Java\Options. Add the following text to the key:
-Djavax.net.ssl.trustStore=C:\<file location>\.keystore
-Djavax.net.ssl.trustStorePassword=<Password>
The
<Password> is the
keystorePass you have defined.
-
Save the file and close the editor.
-
Restart all services that were stopped at the beginning of this procedure.
-
Log on to your
Performance Manager server using HTTPS:
https://hostname:8443/login