Configuring Java CAPS for SSL Support

Importing the Domain Certificate

After you perform the steps in Creating the Keystore and Trust Store, you must import the certificate of the application server domain into the trust store.

In addition, you must perform the following edits to files on the Enterprise Manager server:

The examples in this topic show passwords being entered on the command line. You can omit these passwords, and be prompted to enter them.

ProcedureTo Import the Domain Certificate

  1. Go to the computer where the application server is installed.

  2. Navigate to the JavaCAPS-install-dir/appserver/domains/domain-name/config directory.

  3. Export the domain certificate to a file.


    keytool -export -alias s1as -file ascert.cer -keystore keystore.jks -storepass changeit

    The certificate is stored in the file that you specified.

  4. Copy the file to the directory that you created in Creating the Keystore and Trust Store.

  5. Import the domain certificate into the trust store that you created in Creating the Keystore and Trust Store.


    keytool -import -v -trustcacerts -alias s1as -keypass changeit -file ascert.cer 
    -keystore cacerts.jks -storepass changeit

    The certificate is added to the trust store.

  6. Using a text editor, open the server.xml file in the JavaCAPS-install-dir/emanager/server/conf directory.

  7. Within the <Service> element, comment out the first <Connector> element.

  8. Comment in the second <Connector> element. Add the keystoreFile and keystorePass attributes.

    Set the value of the keystoreFile attribute to the fully qualified name of the keystore that you created in Creating the Keystore and Trust Store. Set the value of the keystorePass attribute to the corresponding password.


    <Connector port="8443"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       keystoreFile="C:\JavaCAPS6\keystore\keystore.jks"
       keystorePass="changeit"
       acceptCount="100" debug="0" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" />
  9. Save the server.xml file.

  10. Using a text editor, open the startserver batch file in the JavaCAPS-install-dir/emanager directory.

  11. Add the javax.net.ssl.trustStore option. Set the value to the fully qualified name of the trust store that you created in Creating the Keystore and Trust Store.


    set JAVA_OPTS=-Xmx512m -Djavax.net.ssl.trustStore=C:\JavaCAPS\keystore\cacerts.jks
  12. Save the startserver batch file.