HTTPS Configuration
Overview
The iProcess Administration Console is configured by default to use HTTPS. However, the default SSL certificate used by the HTTPS configuration is self-signed. TIBCO recommends replacing the default SSL certificate with a certificate from a trusted and secure certificate authority.
The following section lists steps to configure a new SSL certificate on Tomcat.
Configuring a New SSL Certificate
To enable a new custom SSL certificate for Tomcat, perform the following steps:
1. Set up the environment to run iProcess Engine.
2. Stop the iProcess Administration Console by running the following command:
   cmd>ipac stop
3. Edit the $SWDIR/tomcat/conf/server.xml file to include the following changes:
   a. Look for the following line in the server.xml file. This line is available between the </Engine> and </Service> tags.
      <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25" port="8443" keystoreFile="path/to/ipac.keystore" keystorePass="password" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
   b. In this line, change the keystoreFile value to point to the complete path of the keystore file. This keystore file can be obtained from the certification authority.
   c. Replace the keystorePass value with the valid password used while generating the certificate.
4. Start the iProcess Administration Console by running the following command:
   cmd>ipac start
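
The Connector edited in step 3 can be checked before the console is restarted in step 4. The following Python script is an added example, not part of the TIBCO documentation; the function name audit_connector, the sample XML (constructed from the line in step 3a with a shortened cipher list) and the set of placeholder passwords are assumptions. It also flags the RC4 suites present in the default ciphers value, which RFC 7465 prohibits for TLS.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 3a, cipher list shortened.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost"/>
<Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
  keystoreFile="path/to/ipac.keystore" keystorePass="password" sslProtocol="TLS"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

# Assumption: values treated as "not replaced yet". "password" is the value
# shown on the page; "changeit" is the stock Java keystore password.
PLACEHOLDER_PASSWORDS = {"", "password", "changeit"}


def audit_connector(server_xml, file_exists=os.path.isfile):
    """Return findings for every SSL-enabled Connector in server.xml text."""
    root = ET.fromstring(server_xml)
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true" found']
    findings = []
    for conn in connectors:
        port = conn.get("port", "?")
        keystore = conn.get("keystoreFile", "")
        if not keystore:
            findings.append(f"port {port}: keystoreFile is not set")
        elif not os.path.isabs(keystore):  # step 3b asks for the complete path
            findings.append(f"port {port}: keystoreFile is not a complete path: {keystore}")
        elif not file_exists(keystore):
            findings.append(f"port {port}: keystoreFile does not exist: {keystore}")
        if conn.get("keystorePass", "") in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystorePass is empty or a placeholder")
        # RC4 suites are prohibited for TLS by RFC 7465.
        for suite in conn.get("ciphers", "").split(","):
            if "_RC4_" in suite:
                findings.append(f"port {port}: RC4 cipher suite enabled: {suite.strip()}")
    return findings


if __name__ == "__main__":
    for finding in audit_connector(SAMPLE_SERVER_XML):
        print(finding)
```

To audit a real installation, pass the contents of $SWDIR/tomcat/conf/server.xml to audit_connector instead of the sample; an empty list means none of these checks fired.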