How to configure Endpoint Management to use SSL

Document ID : KB000010364
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

When Endpoint Management is installed standalone/without the ENTM, it is not configured to use SSL.

This document demonstrates how to configure the Endpoint Management web front end to use SSL/HTTPS

Instructions:

1) Generate a new self-signed certificate for Endpoint Management. In a command prompt run, where <JDK> is the location where the jdk used by jboss is installed, e.g. C:\jdk1.7.0.

 

keytool -genkey -alias acem -keyalg RSA -validity 365 -keystore <JDK>\jre\lib\security\cacerts 

 

When prompted for a password, the password is:  

changeit 

 

Follow the prompts to create the certificate for you and your organization. 

 

2) Edit <jboss>\server\default\deploy\jboss-web.deployer\server.xml 

 

Find the following: 

 

<!-- 

<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" 

maxThreads="150" scheme="https" secure="true" 

clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/> 

--> 

 

Uncomment it and point it towads the keystore from step 1. It should look like the following where <JDK> is the location where the jdk used by jboss is installed, e.g. C:/jdk1.7.0. Please note that you should use forward slashes (/) instead of backslashes (\) in paths: 

 

<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" 

maxThreads="150" scheme="https" secure="true" 

clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" 

keystoreFile="<JDK>/jre/lib/security/cacerts" keystorePass="changeit"/> 

 

3) Stop the jboss service 

 

4) Delete <jboss>\server\default\tmp and <jboss>\server\default\work 

 

5) Start the jboss service

 

6) When jboss is started, go to https://<server>:18443/acem/ in a browser