2 Replies Latest reply on Feb 12, 2013 10:12 AM by Don Kim

    Enable SSL on CLM Portal



      Does anyone have any document/guideline about enabling SSL on CLM Mid-Tier servers with third-party SSL? As per the Apache Tomcat SSL implementation guide I was trying with keytool, but I am getting a JAVA.Security exception error, even though I have root access.


      Thanks and Regards

      Binu Nittadakkan

        • 1. Enable SSL on CLM Portal
          Aryan Anantwar

          Hi Binu,


          We can enable SSL on CLM Mid-Tier; after all, it's nothing but a Tomcat web server.


          I have tried it with keytool and it's working fine.


          I have Tomcat 6 in my CLM setup.


          You can follow the steps mentioned below to enable SSL on CLM Mid-Tier:


          1. Run the keytool utility



          keytool -genkey -alias tomcat -keyalg RSA


          Enter keystore password:  changeit

          What is your first and last name?

            [Unknown]: CLM-MIDTIER

          What is the name of your organizational unit?

            [Unknown]:  cs144

          What is the name of your organization?

            [Unknown]: VYOM

          What is the name of your City or Locality?

            [Unknown]: Pune

          What is the name of your State or Province?

            [Unknown]: MH

          What is the two-letter country code for this unit?

            [Unknown]: India

          Is CN=CLM-MIDTIER, OU=cs144, O=Vyom, L=pune, ST=MH, C=India correct?

            [no]:  yes


          Enter key password for <tomcat>

          (RETURN if same as keystore password):





          • Type the password for the keystore, which is "changeit".
          • [firstname and lastname] give the fully qualified host name. In this project, you will have to use localhost because this is the machine name that you use to access the Tomcat server from the VM.
          • You need to type some information about your organization, location, etc. (You can make it up as you like)

          When you execute the above command, keytool will generate a public key and private key pair and store it to your keystore file.



          The next step is to change your $CATALINA_HOME/conf/server.xml file to enable the SSL connection.


          An example <Connector> element for an SSL connector is already included in the default server.xml file, which looks something like this:

              <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
              <!--
              <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                         maxThreads="150" scheme="https" secure="true"
                         clientAuth="false" sslProtocol="TLS" />
              -->

          Remove the comment around the <Connector> node (red code) to enable SSL.

          Now that everything is ready, you need to restart your Tomcat server.


          To stop, use the command:

          > $CATALINA_HOME/bin/catalina.sh stop


          To start, use the command:

          > $CATALINA_HOME/bin/catalina.sh start

          Test your HTTPS:

          Go to the browser and try

          (in your case, your appropriate hostname)




          These steps work fine for me.


          If you have any more issues with it, please share.


          Also go through this link; it will be helpful to understand how to enable SSL in Tomcat 6







          1 of 1 people found this helpful
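
A check for the server.xml step in the answer above, as an added example that is not part of the original post: it reports whether the SSL `<Connector>` is still commented out, and whether an active one relies on Tomcat's default keystore location and the `changeit` password from the keytool step. The server.xml samples are constructed, and the function name and the keystore path/password placeholders are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"  # default keystore password assumed by keytool and Tomcat

def check_ssl_connectors(server_xml):
    """Return a list of findings about the HTTPS connector in a Tomcat server.xml."""
    findings = []
    # ElementTree drops XML comments, so a commented-out <Connector> is invisible here.
    root = ET.fromstring(server_xml)
    active = [c for c in root.iter("Connector")
              if c.get("SSLEnabled", "").lower() == "true"]
    if not active:
        # Look inside the comments to tell "still commented out" from "absent".
        commented = any("<Connector" in body and "SSLEnabled" in body
                        for body in re.findall(r"<!--(.*?)-->", server_xml, re.S))
        findings.append("SSL connector is still commented out" if commented
                        else "no SSL connector defined")
        return findings
    for conn in active:
        port = conn.get("port", "?")
        if conn.get("keystoreFile") is None:
            findings.append("port %s: no keystoreFile, Tomcat falls back to .keystore "
                            "in the home directory of the user running it" % port)
        if conn.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append("port %s: keystore password is the default '%s'"
                            % (port, DEFAULT_PASS))
    return findings

# Constructed samples modelled on the default connector quoted in the answer.
SSL_CONNECTOR = ('<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" '
                 'maxThreads="150" scheme="https" secure="true" '
                 'clientAuth="false" sslProtocol="TLS" />')
TEMPLATE = ('<Server><Service name="Catalina">\n'
            '<Connector port="8080" protocol="HTTP/1.1" />\n{ssl}\n'
            '</Service></Server>')
COMMENTED = TEMPLATE.format(ssl="<!--\n" + SSL_CONNECTOR + "\n-->")
ENABLED = TEMPLATE.format(ssl=SSL_CONNECTOR)
# Placeholder path and password (assumptions, not values from the thread).
EXPLICIT = TEMPLATE.format(ssl=SSL_CONNECTOR.replace(
    " />", ' keystoreFile="/path/to/keystore.jks" keystorePass="PLACEHOLDER-not-default" />'))

if __name__ == "__main__":
    for name, xml in (("commented", COMMENTED), ("enabled", ENABLED), ("explicit", EXPLICIT)):
        print(name, check_ssl_connectors(xml) or "ok")
```
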
          • 2. Re: Enable SSL on CLM Portal
            Don Kim



            I'm pretty sure the Java exception error is due to the passphrase. A giveaway is if you are unable to start/restart Apache with that config. It does not like (support) the encrypted passphrase on the key file. Use OpenSSL to remove the key or generate a key without a passphrase:


            openssl rsa -in <filename1>.key -out <filename2>.key


            Look for error: "SSLPassPhraseDialog builtin is not supported on Win32" in your logs.


            Good luck!