I am trying to enable the SSL connection for the WAMUI using my own certificates instead of the default certificate. I have followed the technical document TEC562435 but it does not address my specific requirements.
For deploying your certificate(s) to the Siteminder WAM UI the server.xml of the embedded JBOSS needs to be edited following the instructions below. If you are running the WAM UI on your own application server you would need to follow that vendors documentation and amend our instructions accordingly.
The parameters that need to be modified are: keyAlias, keystoreFile, keystoreType, keystorePass (the last four parameters).
section in Server.xml:
- Stop "SiteMinder Administrative UI" Service and take a backup of Server.xml before making edits (from <SiteMinderInstallation>\adminui\server\default\deploy\jbossweb.sar)
- Change keystoreFile="jsse.keystore" to keystoreFile="<customer KeyStore with Location>"
Note : If Location is not recognizable or WAMUI is not working, place the keystore file in <SiteMinderInstallation>\adminui\server\default\deploy\jbossweb.sar folder
If you already have another type of keystore file, the keystoreType field needs to be specified accordingly. In case of questions please refer to the JBoss documentation . If you do not have a keystore, it can be created using keytool .
- Change keystoreType="jks" if your keystore is of a different type.
- Change keyAlias="tomcat" to keyAlias="<customer Alias>"
The alias can be viewed using the keytool command that comes with the Siteminder JDK.
- Change keystorePass="changeit" to keystorePass="<customer keystore password>"
- Restart the Service "SiteMinder Administrative UI" and access the Siteminder Web Admin UI.
Please also refer to the aforementioned TEC562435 regarding how to secure the UI using SSL