How to configure TC Server to use SSL


By default, a clean installation of TC Server includes support for SSL/TLS. Navigate to https://www.example.com:8443, and your secured Pivotal TC Server home page should be displayed.

 

Let’s say your TC Server application is accessed by navigating to https://www.example.com/myApp. In this scenario, $TCSERVER_HOME/profiles/myApp/conf/server.xml will contain an HTTPS connector. 

<Connector
        executor="tomcatThreadPool"
        port="8443"
        protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="8443"
        acceptCount="100"
        maxKeepAliveRequests="15"
        keystoreFile="${nio-ssl.ssl.keystore.location}"
        keystorePass="${nio-ssl.ssl.keystore.password}"
        keyAlias="tcserver"
        SSLEnabled="true"
        scheme="https"
        secure="true"/>

 

Notice that the connector reads the location of the keystore from the nio-ssl.ssl.keystore.location property. The $TCSERVER_HOME/profiles/myApp/conf/catalina.properties file contains the mapping from that property to the keystore file. In this example, nio-ssl.ssl.keystore.location points to tc-server-nio-ssl.keystore in the conf directory.

~]# cat catalina.properties
. . .
nio-ssl.ssl.keystore.location=conf/tc-server-nio-ssl.keystore

 

The keytool command can be used to view the contents of the keystore.

~]# keytool -list -keystore tc-server-nio-ssl.keystore

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tc-server-nio-ssl, Aug 13, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 07:08:ec:e2:f7:3e:2c:1f:0b:27:0f:54:c1:c9:f0:d7:04:06:57:5a

 

The client obtains the certificate in the keystore from TC Server to establish a secured HTTPS connection. The certificate thumbprint shown by the client should match the fingerprint in the keystore.
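
One way to script the fingerprint comparison described above. This is an added example, not part of the original page or of TC Server; the function names are hypothetical, and check_live assumes keytool, openssl and network access to the server.

```sh
#!/bin/sh
# Added example: compare the keystore fingerprint with the one the server presents.

# Normalise a fingerprint: drop colons/whitespace, lower-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \r\n' | tr 'A-F' 'a-f'
}

# Pull the SHA1 fingerprint out of `keytool -list` output read from stdin.
keystore_fp() {
    sed -n 's/^Certificate fingerprint (SHA1): *//p' | head -n 1
}

# Pull the fingerprint out of `openssl x509 -noout -fingerprint -sha1` output
# ("SHA1 Fingerprint=AA:BB:..."; OpenSSL 3 prints "sha1 Fingerprint=...").
served_fp() {
    sed -n 's/^[A-Za-z0-9-]* Fingerprint=//p' | head -n 1
}

# Return 0 only when both fingerprints are non-empty and equal after normalising.
fp_match() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Live check (not run here): $1 = keystore path, $2 = host:port.
# keytool prompts for the keystore password on the terminal.
check_live() {
    ks=$(keytool -list -keystore "$1" | keystore_fp)
    srv=$(openssl s_client -connect "$2" </dev/null 2>/dev/null |
          openssl x509 -noout -fingerprint -sha1 | served_fp)
    fp_match "$ks" "$srv"
}

# Constructed samples: keytool lines as shown on this page, openssl line built to match.
SAMPLE_KEYTOOL='tc-server-nio-ssl, Aug 13, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 07:08:ec:e2:f7:3e:2c:1f:0b:27:0f:54:c1:c9:f0:d7:04:06:57:5a'
SAMPLE_OPENSSL='SHA1 Fingerprint=07:08:EC:E2:F7:3E:2C:1F:0B:27:0F:54:C1:C9:F0:D7:04:06:57:5A'

# Offline demonstration using the samples above.
demo() {
    ks=$(printf '%s\n' "$SAMPLE_KEYTOOL" | keystore_fp)
    srv=$(printf '%s\n' "$SAMPLE_OPENSSL" | served_fp)
    if fp_match "$ks" "$srv"; then echo "MATCH"; else echo "MISMATCH"; fi
}
demo
```

Against a running instance, `check_live conf/tc-server-nio-ssl.keystore www.example.com:8443` returns 0 only when the served certificate is the one in the keystore; a non-zero status means the connector is presenting a different certificate or one of the commands failed.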


