HP-UX AAA Server A.07.01 Administrator's Guide

1. Generate a certificate for Tomcat to establish the SSL connection. Use the following
steps to create a self-signed certificate with the Java command line keytool utility:
   1. Remove $HOME/.keystore if it already exists.
   2. Enter the following command:
      $ export JAVA_HOME=/opt/java1.4
   3. Enter the following command:
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
   4. Enter a password for the key store when prompted.
   5. Enter the certificate information (company, contact name, etc.) when
      prompted. This information must be accurate because it is displayed to users
      who attempt to administer Server Manager.
   6. Enter a password for the key when prompted. Use the same password you
      used for the key store.
2. Uncomment the following Connector element in /opt/hpws/tomcat/conf/server.xml
by removing the <!-- and --> lines that enclose it:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true"
           useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
-->
3. Add the keystorePass attribute to the uncommented Factory element in
/opt/hpws/tomcat/conf/server.xml to set the key store and key password for
Tomcat, as shown in the following:
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystorePass="<password>" />
IMPORTANT: Replace <password> with the password used to generate the
keystore in Step 1.
4. Stop and start Tomcat:
   Stop - /opt/hpws/tomcat/bin/shutdown.sh
   Start - /opt/hpws/tomcat/bin/startup.sh
5. Point your web browser to:
https://<hostname>:8443/aaa
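
Because Step 3 stores the key store password in clear text in server.xml, a check of the finished configuration is useful before relying on it. The following script is an added example, not part of the HP guide: its function names are hypothetical, and it assumes the files from the steps above (server.xml and the key store in $HOME/.keystore).

```shell
# Added example, not from the HP guide; function names are hypothetical.

# Print FILE with XML comments removed, so a connector that is still
# commented out is not mistaken for an active one.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {                       # currently inside a comment
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_c = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 4); in_c = 1
            }
        }
        print out
    }' "$1"
}

# Succeed only if FILE grants no permissions to group or other.
is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_ssl_config SERVER_XML KEYSTORE
# Prints one line per finding; the return status is the number of findings.
check_ssl_config() {
    xml=$1; ks=$2; problems=0
    active=$(strip_xml_comments "$xml")
    if ! printf '%s\n' "$active" | grep 'port="8443"' >/dev/null; then
        echo "FAIL: SSL connector on port 8443 is not active (still commented out?)"
        problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$active" | grep 'keystorePass=' >/dev/null; then
        echo "FAIL: no keystorePass attribute on an active element"
        problems=$((problems + 1))
    elif ! is_private "$xml"; then
        echo "FAIL: $xml contains keystorePass but is accessible to group/other"
        problems=$((problems + 1))
    fi
    if [ -f "$ks" ] && ! is_private "$ks"; then
        echo "FAIL: keystore $ks is accessible to group/other"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Call it as `check_ssl_config /opt/hpws/tomcat/conf/server.xml "$HOME/.keystore"`; a return status of 0 means no findings.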