In previous blogs we discussed enabling SSO for BMC products and generating and signing an SSL certificate. In this section we discuss how to configure Tomcat with an SSL certificate.
Configure Tomcat with SSL
1. Stop the Tomcat services.
2. Go to the installation directory of the Tomcat server and make a backup copy of the server.xml file.
3. Find the following section and edit as follows.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="300" scheme="https" secure="true"
maxHttpHeaderSize="32768"
clientAuth="false" sslProtocol="TLS" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="D:\Program Files\BMC Software\AtriumSSO\tomcat\conf\keystore.p12"
keystorePass="changeit"
keyAlias="AtriumSSO"
truststoreFile="D:\Program Files\BMC Software\AtriumSSO\tomcat/conf/cacerts.p12"
truststorePass="changeit"
truststoreType="PKCS12" />
If you don’t want Tomcat to use the default SSL port, change all instances of the port number “8443” to the custom port.
4. Start Tomcat
Note: Because of the Logjam vulnerability (https://weakdh.org/), modern browsers have disabled DH support, and you may receive the ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome (>v45) and Firefox (>v39). You can disable weak ciphers in the Tomcat server.xml as shown above.
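An added example, not part of the original post or of BMC's or Tomcat's own tooling: a Python check that reads the ciphers attribute of every SSL-enabled Connector in a server.xml and reports suites that use finite-field DHE (the Logjam case in the note above) or other weak primitives such as RC4. The marker list is an assumption chosen for illustration, and the embedded sample is a constructed, trimmed copy of the Connector shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the Connector above, plus a plain HTTP one.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,
      TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
      TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""

# Assumed marker list (substring, reason). "_DHE_" does not match "_ECDHE_".
WEAK_MARKERS = [
    ("_DHE_", "finite-field DHE key exchange (Logjam when the DH group is small)"),
    ("_anon_", "anonymous key exchange, server is not authenticated"),
    ("_EXPORT_", "export-grade key length"),
    ("_RC4_", "RC4 stream cipher (prohibited by RFC 7465)"),
    ("_3DES_", "64-bit block cipher (Sweet32)"),
    ("_DES_", "single DES"),
    ("_NULL_", "no encryption"),
    ("_MD5", "MD5-based MAC"),
]

def audit_connectors(server_xml):
    """Return {port: [(suite, reason), ...]} for every SSL-enabled Connector."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors negotiate no cipher suites
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # Without an explicit list the JVM's default suites apply.
            findings[port] = [("(no ciphers attribute)", "JVM default suites apply")]
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        findings[port] = [(s, why) for s in suites
                          for marker, why in WEAK_MARKERS if marker in s]
    return findings

if __name__ == "__main__":
    for port, hits in audit_connectors(SAMPLE_SERVER_XML).items():
        for suite, why in hits:
            print(f"port {port}: {suite}: {why}")
```

To audit a real installation, pass the text of the Tomcat server.xml to audit_connectors instead of the sample string.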
BMC Analytics SSO Agent Manual Deployment
If you use the Atrium SSO integration installer with a customised Tomcat port, the installer may not be able to determine the Tomcat port number. In such cases you can use the command below to deploy the Atrium SSO agent manually. After executing the command, log in to the SSO Admin console and verify the agents' status.
"C:\Program Files (x86)\BMC Software\BMCAnalyticsForBSM\BSMAnalytics\jvm\jre\bin\java.exe" -jar deployer.jar --container-type TOMCATv7 --install --atrium-sso-url https://<Atrium SSO URL>:8443/atriumsso --admin-name amadmin --container-base-dir "D:\Program Files (x86)\SAP BusinessObjects\tomcat" --admin-pwd <sdsds> --web-app-url https://<ANALYTICS URL>:8443/BI --web-app-logout-uri https://<Atrium SSO URL>:8443/atriumsso/UI/Logout?realm=BmcRealm