Can you secure JBOS with SSL?

Document ID : KB000033545
Last Modified Date : 14/02/2018

Question:

Is there a way to secure JBOS with SSL? A port scan vulnerability report indicates that plain text data is being passed through the connection.

Answer:

Please ensure RO81395 is applied.

To have a secure connection, we need SSL enabled.

To set up SSL in Compliance Manager under Chorus, edit the cmgr_config.xml:

Obtain the value of the CATALINA_HOME environment variable. CATALINA_HOME is defined in the data set specified by the STDENV DD.

Find the configuration files that you need to modify for your system:

The CA Top Secret configuration file:
$CATALINA_HOME/webapps/VantageGMI/conf/tss/tss_config.xml

The CA Compliance Manager configuration file:
$CATALINA_HOME/webapps/cmgr/conf/cmgr/cmgr_config.xml

Within each configuration file, find the <server_info> block that contains connection information for your CA LDAP Server for z/OS.

Add <useTLS>true</useTLS> to the <server_info> block, as shown in the following example:

<tss classpath="com.ca.vantage.esmldap.EsmLdapTree" loginpage="/pages/esm/tss/login.jsp">
  <tree id="258366f83beacc96c947354e4b90c24f" desc="CA TSS">
    <server_info>
      <host>ldap-server-hostname.yourcompany.com</host>
      ... (Various configuration directives appear here.) ...
      <useTLS>true</useTLS>
    </server_info>
  </tree>
</tss>


Restart the CA Compliance Manager server.
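
To confirm the edit before restarting, the following added example (not CA code, and not part of the original article) reports every <server_info> block in the two configuration files that lacks <useTLS>true</useTLS>. It assumes Python is available on the host and that the files are in an encoding the XML parser can read; the function names and the sample hosts are constructed for illustration.

```python
"""Audit the useTLS setting in <server_info> blocks (added example)."""
import os
import sys
import xml.etree.ElementTree as ET

# Configuration file paths from the article, relative to CATALINA_HOME.
CONFIG_FILES = (
    "webapps/VantageGMI/conf/tss/tss_config.xml",
    "webapps/cmgr/conf/cmgr/cmgr_config.xml",
)

# Constructed sample modelled on the article's example; hosts are made up.
SAMPLE = b"""<tss><tree id="t1" desc="CA TSS">
  <server_info><host>ldap1.example.com</host><useTLS>true</useTLS></server_info>
  <server_info><host>ldap2.example.com</host></server_info>
  <server_info><host>ldap3.example.com</host><useTLS>false</useTLS></server_info>
</tree></tss>"""

def audit_server_info(xml_bytes):
    """Return [(host, status)] for each <server_info>: ok, missing or not-true."""
    findings = []
    for block in ET.fromstring(xml_bytes).iter("server_info"):
        host = (block.findtext("host") or "<no host>").strip()
        values = [(e.text or "").strip() for e in block.findall("useTLS")]
        if not values:
            status = "missing"
        # Only the literal value shown in the article counts as enabled.
        elif all(v == "true" for v in values):
            status = "ok"
        else:
            status = "not-true"
        findings.append((host, status))
    return findings

def audit_files(catalina_home):
    """Audit both files under catalina_home; return [(path, host, status)]."""
    rows = []
    for rel in CONFIG_FILES:
        path = os.path.join(catalina_home, rel)
        try:
            with open(path, "rb") as fh:
                found = audit_server_info(fh.read())
        except (OSError, ET.ParseError) as exc:
            found = [("-", "unreadable: %s" % exc)]
        rows += [(path, h, s) for h, s in found] or [(path, "-", "no server_info")]
    return rows

if __name__ == "__main__":
    rows = audit_files(os.environ.get("CATALINA_HOME", "."))
    for path, host, status in rows:
        print("%-10s %-30s %s" % (status, host, path))
    sys.exit(0 if all(s == "ok" for _, _, s in rows) else 1)
```

The script exits non-zero if any block is not set to true or a file cannot be read, so it can gate the restart step. It checks the configuration only; rerun the port scan after the restart to confirm the connection itself is no longer plain text.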

 

Additional Information:

Please see the CA DSI Product Guide Chapter 4 which discusses setting up SSL.