Configuration of HTTPS Connections with Web Browsers

You can configure the Central Administration server to accept HTTPS connections from web browsers.

To configure this, provide Central Administration with an identity certificate and certificate password either through command line options when the Central Administration server is started or by setting configuration parameters in the Central Administration configuration file.

The syntax and use of these SSL configuration options are documented in Central Administration Server Options:

• Enable HTTPS using the --http-identity command line option, or through the related setting in the Central Administration configuration file. This option sets the path to a PKCS12 file or Java KeyStore providing the identity of the Central Administration server to browsers. When HTTPS is enabled, it replaces HTTP on the same port number.
• Provide the SSL password associated with the private key by setting the com.tibco.emsca.https.password parameter. The command line option --https-password is also available, but providing a password on the command line is not recommended and may pose a security risk. Use tibemsadmin -mangle to generate an obfuscated version before providing the password in either configuration file or command line.

For testing purposes, you can configure Central Administration with the identity file emsca_https_identity.p12 that is provided in the samples/certs directory and use the corresponding self-signed root certificate with your web browser. For restrictions and details, see the readme.txt file in the same directory.

Copyright © Cloud Software Group, Inc. All rights reserved.