Configuring Secure Connections with Tomcat Web Server

You need to be familiar with Tomcat and SSL configuration to perform this task.

Set up the Performance Manager default standalone Web server (Tomcat) to use SSL (Secure Sockets Layer).

To enable secure communication with Performance Manager:

  1. Log on to the Performance Manager server as an Administrator.
  2. Stop all Performance Manager services (application, chart, execution, and front-end servers).
  3. To generate a unique certificate for your Tomcat Web server, execute the following command in the Performance Manager Java directory:
    "C:\Program Files\Silk\Silk Performance Manager 21.0\lib\jre\bin\keytool" -genkey -alias tomcat -keyalg RSA
    Note: The alias specifies the logical name in the keystore, for example tomcat or Silk. For additional information on Keytool, refer to the Java SE Technical Documentation.
  4. Specify a keystore password value of changeit. If you want to use a unique password, specify it here.
  5. The keytool command prompt sequence will be similar to the following. Respond accordingly.
    What is your first and last name?
    [Unknown]: hostname (the name of the host as your users use it to access the system)
    What is the name of your organizational unit?
    [Unknown]: IT Department (if that is the group creating the certificate)
    What is the name of your organization?
    [Unknown]: Company Name
    What is the name of your City or Locality?
    [Unknown]: City
    What is the name of your State or Province?
    [Unknown]: State
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=xxxx, OU=xxxxxxx, O=xxxxxx, L=xxxxxxxxx, ST=xxxxx, C=xx correct?
    [no]: Yes (These values will reflect what you entered previously)
    Enter key password for <tomcat> same as keystore password
    (RETURN if same as keystore password):

    A file named .keystore is generated in the profile folder of the user you are logged in with, for example C:\Users\Administrator.

    Note: By default, Tomcat looks for your keystore under the file name .keystore in the home directory, with the default password changeit. The home directory is generally /home/<username>/ on Unix and Linux systems, and C:\Users\<username>\ on Microsoft Windows systems.
  6. Move the .keystore file to a safe location of your choice.
    Note: On some operating systems, Tomcat may encounter problems if you use a location that contains space characters.
  7. Edit the Tomcat configuration file:

    Locate the server.xml file in the conf\frontendserver\conf subdirectory of the directory where Performance Manager is installed.

  8. Open the file in a text editor such as Notepad. Comment out the current Connector entry and add the following text:
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" minSpareThreads="25" URIEncoding="UTF-8" compression="on"
    compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/xml" 
    debug="0" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" 
    sslProtocol="TLS" keystorePass="changeit" keystoreFile="C:\<file location>\.keystore"/>
    
    Note: Make sure that the path specified in the keystoreFile parameter matches the location that you moved the .keystore file to. If you choose to use a password other than changeit, you will need to add the keystorePass parameter with that password to the server.xml file entry:
    <Connector port="8443" minSpareThreads="25" URIEncoding="UTF-8" compression="on"
    compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/xml" 
    debug="0" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" 
    sslProtocol="TLS" keystorePass="newpassword" keystoreFile="C:\<file location>\.keystore"/>
    For more information, visit the Apache Tomcat 7 Documentation.
  9. Optional: Change the port of the front-end server in the <Connector> tag from 19120 to the desired port.
  10. To enable BIRT reports on SSL environments, edit the registry key of the chart server in HKEY_LOCAL_MACHINE\SOFTWARE\(Wow6432Node)\Apache Software Foundation\Procrun 2.0\SPMChartServer210\Parameters\Java\Options. Add the following text to the key:
    -Djavax.net.ssl.trustStore=C:\<file location>\.keystore
    -Djavax.net.ssl.trustStorePassword=<Password>

    The <Password> is the keystorePass you have defined.

  11. Save the file and close the editor.
  12. Restart all services that were stopped at the beginning of this procedure.
  13. Log on to your Performance Manager server using HTTPS:
    https://hostname:8443/login
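
A check that can be run against the edited server.xml before restarting the services in step 12. This is an added example, not part of the Performance Manager documentation or tooling: the function name audit_connectors and the sample keystore path are assumptions made for illustration. It reports the conditions that steps 4 to 8 warn about: the default changeit password, a keystore path containing spaces, and a missing keystoreFile.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 8 Connector with a made-up keystore path
# (containing a space) in place of <file location>.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="TLS" keystorePass="changeit"
               keystoreFile="C:\Secure Store\.keystore"/>
  </Service>
</Server>"""


def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as err:
        # A literal "<file location>" left in keystoreFile lands here,
        # because "<" is not allowed inside an XML attribute value.
        return [("?", f"server.xml is not well-formed: {err}")]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not match SSLEnabled"))
        # With no keystorePass attribute Tomcat uses the default, changeit.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystore uses default password changeit"))
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "no keystoreFile, so .keystore in the home directory is used"))
        elif " " in keystore:
            findings.append((port, "keystoreFile path contains a space"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

To audit a real installation, pass the contents of the server.xml file from step 7 to audit_connectors instead of the sample.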