One of the common requirements these days is to require that any web-based services are utilizing SSL/TLS for encryption and security.

For those who have those requirements when deploying the EMC Ionix IT Operations Intelligence (ITOI – aka SMARTS) Dashboard (tomcat), below should be very helpful. This takes you through getting a SSL certificate generated through a Microsoft Certificate (CA) authority, and enabling tomcat to leverage it on a Windows 2008 R2 ITOI install. Enjoy!

To request SSL Certificate request for the ITOI Dashboard, perform the following on the SAM CONSOLE/Dashboard server (keytool is available under <HOME>\CONSOLE\smarts\jre\bin  where <HOME> is your root install directory for ITOI such as c:\InCharge8):

1. keytool –genkey –alias tomcat –keyalg RSA –keystore <HOME>\console\smarts\tomcat\keystore

(Enter “changeit” as password both in the beginning and end, and FQDN for “First and Last name”)

2. keytool –certreq –keyalg RSA –alias tomcat –file certreq.csr –keystore <HOME>\console\smarts\tomcat\keystore

(Enter “changeit” as password)

3. Go to your CA Issuing authority server (in this case, a microsoft certificate server), and issue a new certificate in a Command Prompt. You must place the CSR file on that system first.

a. certreq –submit –attrib “CertificateTemplate:SubCA” certreq.csr     <– This command will create a new certificate named <something>.cer. You can also download it from your CA.
b. Download the CA ROOT Cert by going to the Certificate Authority snap-in on the CA server, and opening your certificate->Certification Path tab->Selecting your CA->Click on “View Certificate”->Details tab->Copy to File…  and save the certificate with a name like <rootca>.cer

Import the Issued Certificate and the CA ROOT certificate:
1. keytool –import –alias root –keystore <HOME>\console\smarts\tomcat\keystore –trustcacerts –file <rootca>.cer

(Enter “changeit” as password, then yes to accept CA Cert)

Import your new certificate:
1. keytool –import –alias tomcat –keystore <HOME>\console\smarts\tomcat\keystore –file <your new cert>.cer

(Enter “changeit as password)

Enable SSL keystore in Tomcat configuration and change to standard ports:
1. Edit the <HOME>\CONSOLE\smarts\tomcat\conf\server.xml file and ensure the following entry exists/is updated:

<Connector port=”8443” protocol=”HTTP/1.1” SSLEnabled=”true” maxThreads=”150” scheme=”https” secure=”true” clientAuth=”false” keystoreFile=”<HOME>\console\smarts\tomcat\keystore” keystorePass=”changeit” sslProtocol=”TLS” />

2. Replace any entries that have “8080” with “80”, and “8443” with “443”, although this is optional if you don’t have another application already using those ports.
3. Restart the EMC Ionix Servlet Engine service.

You can now test by bringing up a web browser and connecting to https://<dashboard>/webconsole

About the author:

Vinnie Lima

Vinnie Lima is the Managing Director for VVL Systems & Consulting, a small business focusing on IT Optimization for Cloud, Infrastructure, and End Users. Based out of Baltimore, Maryland, Vinnie Lima has over 21 years in IT Automation, Orchestration, and Cloud. Mr. Lima’s career has been focusing on helping customers drive value from their IT investments through the use of leading edge technologies and approaches, driving innovation in a wide spectrum of industries such as DoD, Federal, Health Care, and Financial.

facebook twitter linkedin instagram

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our Newsletter
Stay informed with the latest technology news, industry events, and training offered by VVL Systems for free! Fill out this form and receive our newsletter delivered straight to your inbox.

See how VVL has helped clients leverage the latest technologies and agile capabilities.

Latest VVL and Industry News

BMC Helix: Know the Unknowns

Modern enterprise is moving at a speed and scale never seen before. Leaders in the IT industry are expected to…

Cloud Cost Surprises

Nobody has time for that Many organizations move to the cloud in hopes of saving money. However, this isn’t always…

Upcoming VVL and Industry Events

AWS re:Invent 2019

Join us for deep technical sessions, hands-on bootcamps, hackathons, workshops, chalk talks, keynotes, and of course, some uniquely Amazonian fun!…