A common requirement these days is that any web-based service use SSL/TLS for encryption and security.
For those who have that requirement when deploying the EMC Ionix IT Operations Intelligence (ITOI, aka SMARTS) Dashboard (Tomcat), the steps below should be very helpful. They take you through getting an SSL certificate issued by a Microsoft Certificate Authority (CA) and enabling Tomcat to use it on a Windows 2008 R2 ITOI install. Enjoy!
To generate the SSL certificate request for the ITOI Dashboard, perform the following on the SAM CONSOLE/Dashboard server (keytool is available under <HOME>\CONSOLE\smarts\jre\bin, where <HOME> is your root install directory for ITOI, such as c:\InCharge8):
1. keytool -genkey -alias tomcat -keyalg RSA -keystore <HOME>\console\smarts\tomcat\keystore
(Enter “changeit” as password both in the beginning and end, and FQDN for “First and Last name”)
2. keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <HOME>\console\smarts\tomcat\keystore
(Enter “changeit” as password)
3. Go to your CA issuing authority server (in this case, a Microsoft certificate server), and issue a new certificate from a Command Prompt. You must place the CSR file on that system first.
a. certreq -submit -attrib "CertificateTemplate:SubCA" certreq.csr
(This command will create a new certificate named <something>.cer. You can also download it from your CA.)
b. Download the CA ROOT Cert by going to the Certificate Authority snap-in on the CA server, and opening your certificate->Certification Path tab->Selecting your CA->Click on “View Certificate”->Details tab->Copy to File… and save the certificate with a name like <rootca>.cer
Import the Issued Certificate and the CA ROOT certificate:
1. keytool -import -alias root -keystore <HOME>\console\smarts\tomcat\keystore -trustcacerts -file <rootca>.cer
(Enter “changeit” as password, then yes to accept CA Cert)
Import your new certificate:
1. keytool -import -alias tomcat -keystore <HOME>\console\smarts\tomcat\keystore -file <your new cert>.cer
(Enter “changeit” as password)
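Before touching the Tomcat configuration, it is worth confirming that the CA reply actually replaced the self-signed certificate under the tomcat alias. The following is an added example, not part of the original post: it checks the text printed by keytool -list -v -keystore <HOME>\console\smarts\tomcat\keystore, assuming English keytool output; the sample listings and the host name dashboard.example.com are constructed.

```python
import re
# Constructed `keytool -list -v` excerpts (sample data, not from the original post).
SAMPLE_OK = """\
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=dashboard.example.com, OU=IT, O=Example, C=US
Issuer: CN=Example Root CA
Certificate[2]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""
# CA reply never imported: the key entry still holds its self-signed certificate.
SAMPLE_SELF_SIGNED = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=dashboard.example.com, OU=IT, O=Example, C=US
Issuer: CN=dashboard.example.com, OU=IT, O=Example, C=US
"""
FIELDS = re.compile(r"(Alias name|Entry type|Certificate chain length|Owner|Issuer): (.*)")

def parse_entries(listing):
    """Map each alias to the first value seen per field (first Owner/Issuer = leaf cert)."""
    entries, current = {}, None
    for line in listing.splitlines():
        m = FIELDS.match(line.strip())
        if m and m.group(1) == "Alias name":
            current = entries.setdefault(m.group(2), {})
        elif m and current is not None:
            current.setdefault(m.group(1), m.group(2))
    return entries

def check_tomcat_entry(listing, fqdn, alias="tomcat"):
    """Return problems with the entry Tomcat will serve; an empty list means it looks right."""
    entry = parse_entries(listing).get(alias, {})
    cn = re.match(r"CN=([^,]+)", entry.get("Owner", ""))
    checks = [
        (entry.get("Entry type") == "PrivateKeyEntry", "no private key under this alias"),
        (int(entry.get("Certificate chain length", "0")) >= 2, "chain lacks the CA certificate"),
        (entry.get("Owner") != entry.get("Issuer"), "leaf is self-signed"),
        (bool(cn) and cn.group(1).lower() == fqdn.lower(), "CN does not match " + fqdn),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty result for check_tomcat_entry(listing, "<your FQDN>") means the tomcat alias holds the private key together with the CA-issued chain.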
Enable SSL keystore in Tomcat configuration and change to standard ports:
1. Edit the <HOME>\CONSOLE\smarts\tomcat\conf\server.xml file and ensure the following entry exists/is updated:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="<HOME>\console\smarts\tomcat\keystore" keystorePass="changeit" sslProtocol="TLS" />
2. Replace any entries that have “8080” with “80”, and “8443” with “443”, although this is optional if you don’t have another application already using those ports.
3. Restart the EMC Ionix Servlet Engine service.
You can now test by bringing up a web browser and connecting to https://<dashboard>/webconsole