Cisco Workload Automation 6.3 Installation Guide

Installing the Client Manager
Configuring SSL
3. Find the SSL connector segment that looks like the following. Uncomment the segment by removing "<!--" at the beginning and "-->" at the end.
<!--
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="truststore">config/demo-keystore</Set>
      <Set name="keystore">config/demo-keystore</Set>
      <Set name="trustPassword">OBF:1vny1ym91x1b1z...</Set>
      <Set name="password">OBF:1vny1ym91x1b1z7e1vu...</Set>
      <Set name="keyPassword">OBF:1u2u1vn61z0p1yt4...</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="acceptors">2</Set>
      <Set name="statsOn">true</Set>
      <Set name="lowResourceMaxIdleTime">5000</Set>
      <Set name="lowResourcesConnections">5000</Set>
    </New>
  </Arg>
</Call>
-->
4. Save the file and start the Client Manager.
5. Open a web browser on the Client Manager host system and enter the URL of the CWA Web Client using the HTTPS protocol, as shown below:
https://localhost:8443/client
Note: You may be prompted with a message that the site does not have a trusted certificate. This is because the demo certificate is not signed by a certificate authority. It is only for demo purposes and is not meant to be used on a production server. You may instruct the browser to proceed.
Your browser is now communicating with the Client Manager via the HTTPS protocol.
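The following check is an added example, not part of the Cisco guide: it audits a connector configuration like the one above for the demo keystore and for passwords that are not in OBF: form before a server goes to production. The `<Configure>` root element, the `audit` function, and the `changeit` password are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the connector segment from this guide with the comment
# markers removed and one password (hypothetically) left un-obfuscated.
SAMPLE = """<Configure>
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="truststore">config/demo-keystore</Set>
      <Set name="keystore">config/demo-keystore</Set>
      <Set name="trustPassword">OBF:1vny1ym91x1b1z...</Set>
      <Set name="password">changeit</Set>
      <Set name="keyPassword">OBF:1u2u1vn61z0p1yt4...</Set>
    </New>
  </Arg>
</Call>
</Configure>"""

SSL_CLASS = "SslSelectChannelConnector"

def audit(xml_text):
    """Return a list of findings for the SSL connectors in a Jetty XML config."""
    findings = []
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    connectors = [n for n in root.iter("New")
                  if n.get("class", "").endswith(SSL_CLASS)]
    if not connectors:
        # No active connector: check whether one is still inside <!-- ... -->.
        comments = re.findall(r"<!--(.*?)-->", xml_text, re.S)
        commented = any(SSL_CLASS in c for c in comments)
        findings.append("ssl-connector-commented-out" if commented
                        else "no-ssl-connector")
    for conn in connectors:
        settings = {s.get("name"): (s.text or "").strip()
                    for s in conn.findall("Set")}
        port = settings.get("Port", "?")
        for key in ("keystore", "truststore"):
            if "demo-keystore" in settings.get(key, ""):
                findings.append(f"port {port}: {key} uses demo keystore")
        for key in ("password", "keyPassword", "trustPassword"):
            # OBF: marks Jetty's obfuscated password form.
            if key in settings and not settings[key].startswith("OBF:"):
                findings.append(f"port {port}: {key} is not obfuscated")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```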
Configuring SSL Using Your Own Certificate
To configure SSL using your own certificate:
1. Obtain the server key and certificate:
You may generate the key and certificate yourself or obtain them from a trusted certificate authority (CA):
a. Generating key and certificate.
There are various tools that allow you to generate keys and certificates, among them the Java Keytool that comes with the JRE installation.
Java Keytool Example: generating key and certificate in a keystore
keytool -keystore my_keystore -alias tescm -genkey -keyalg RSA
Once you have the keystore, you can follow the instructions in Step 2 to configure the SSL connector for the Client Manager. However, your certificate will not be trusted by web browsers, and users will be prompted to this effect. To set up a production-grade server, you must ask a well-known certificate authority (CA) to sign your key/certificate.
b. Obtaining key and certificate from a trusted CA.
There are many trusted CAs, such as AddTrust, Entrust, GeoTrust, RSA Data Security, Thawte, VISA, ValiCert, Verisign, beTRUSTed. Each CA has its own instructions, which should be followed (look for the JSSE section), but all will involve a step to generate a certificate signing request (CSR).