Enabling HTTPS support for the Cleo Dashboards

The following steps describe how to configure and enable the HTTPS protocol for your Cleo Dashboards installation. Primary steps include:

  1. Generating a KeyStore and listing certificate details.
  2. Modifying the server.xml file by adding a Connector element to support an SSL or HTTPS connection.

Generating a KeyStore

Use the Java Keytool command to create a self-signed certificate. Assign a password and complete the details for the certificate.
Note: an installed JDK is required to use Java Keytool.
$DashboardInstallation\mrc\production\m-power\tomcat\bin> keytool -genkey -alias cleo -keyalg RSA -keystore c:\dashboardKeyStore

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: any
What is the name of your organizational unit?
//omitted to save space
[no]: yes
Enter key password for <cleo> (RETURN if same as KeyStore password):
Re-enter new password:

Result: You have created the dashboardKeyStore certificate, located at c:\

Listing Certificate Details

Once again, use the Java Keytool command to list the details for the existing certificate.

$DashboardInstallation\mrc\production\m-power\tomcat\bin> keytool -list -keystore c:\dashboardKeyStore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
msmith, 14 December 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): C8:DD:A3:AF:7F:55:A0:7F:3E:98:10:DE:8B:63:1B:A5

Modify the server configuration file (server.xml)

Locate and edit the Tomcat server configuration file.

$DashboardInstallation\mrc\production\m-power\Tomcat\conf\server.xml

Specify a password for the keystorePass field. You have two options:
  1. Specify plain text as the password
  2. Specify an encrypted password

If specifying plain text, modify server.xml by adding a Connector element to support an SSL or HTTPS connection. The password is then readable by anyone who can read server.xml.

//...
<!--Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
          keystoreFile="c:\dashboardKeyStore"
          keystorePass="password"/>
//...

Note: keystorePass="password" is the same password you assigned to your keystore via the keytool command in the first part of this procedure (Generating a KeyStore).
  • Uncomment the existing section.
  • Add keystoreFile.
  • Add keystorePass.
  • Restart the Dashboard server to complete the configuration.

If specifying an encrypted password, then take these steps:
  1. Run the utility passwordencrypt.bat (or .sh) to encrypt the keystore password. It can be found in <DashboardInstallation>\mrc\production\m-power\tomcat\bin.
  2. Use the encrypted password in the keystorePass field of the Connector element of the server.xml file. (Example shown here)
    <!-- <Connector port="8443" protocol="com.cleo.tomcat.Http11Nio9Protocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="" keystorePass="DgkD/BpSrrV/0evyR71w+A"/> -->
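
A check to run after editing server.xml and before restarting, given here as an added example that is not part of the original page or of Cleo's tooling: it parses the file and flags an HTTPS connector that is still commented out or that lacks keystoreFile or keystorePass. The function name, the sample XML and the placeholder password are assumptions; Python 3.8 or later is required.

```python
import re
import xml.etree.ElementTree as ET

def audit_https_connectors(server_xml):
    """Return a list of (port, finding) pairs; an empty list means nothing was flagged."""
    # insert_comments=True (Python 3.8+) keeps <!-- --> blocks in the tree, so a
    # connector that was never uncommented is reported instead of silently skipped.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(server_xml, parser=parser)
    findings, active = [], 0
    for el in root.iter():
        if el.tag is ET.Comment:
            for tag in re.findall(r"<Connector\b[^>]*>", el.text or ""):
                if 'SSLEnabled="true"' in tag:
                    port = re.search(r'\bport="(\d+)"', tag)
                    findings.append((port.group(1) if port else "?",
                                     "connector is still commented out"))
        elif el.tag == "Connector" and el.get("SSLEnabled") == "true":
            active += 1
            port = el.get("port", "?")
            for attr in ("keystoreFile", "keystorePass"):
                if not el.get(attr):  # attribute absent or empty string
                    findings.append((port, f"{attr} is missing or empty"))
            if el.get("scheme") != "https" or el.get("secure") != "true":
                findings.append((port, 'scheme="https" and secure="true" expected'))
    if active == 0:
        findings.append(("-", "no active HTTPS connector"))
    return findings

# Constructed samples modelled on the two Connector snippets on this page.
CONFIGURED = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="c:\dashboardKeyStore" keystorePass="password"/>
</Service></Server>"""

STILL_COMMENTED = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                  scheme="https" secure="true"
                  keystoreFile="" keystorePass="PLACEHOLDER"/> -->
</Service></Server>"""

if __name__ == "__main__":
    for name, text in (("configured", CONFIGURED), ("still commented", STILL_COMMENTED)):
        print(name, audit_https_connectors(text))
```

To audit a real installation, pass the contents of the server.xml file to audit_https_connectors in place of the constructed samples.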

For more information:

http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html