configure SSL for OD Admin Server

System

To enable HTTPS access of OD admin server, following steps are necessary.


1. Download JSSE1..0.3 from SUN's web site at http://java.sun.com/products/jsse/index-103.html. This should include three jars
(jsse.jar, jcert.jar, jnet.jar) in lib directory of the expanded download.

2. Add JSSE jars to ${AdminServer}/servletd/java1.3/jre/lib/ext
where AdminServer is the installation directory of OD Admin Server.

3.. Edit file java.security in the directory: ${AdminServer}/servletd/java1.3/jre/lib/security.
That is, adding new provider under the following section:

# List of providers and their preference orders (see above):
security.provider.3=com.sun.net.ssl.internal.ssl.Provider

4. execute:

keytool -genkey -alias tomcat -keyalg RSA

when asked for password, input "changeit", and use same password for storepass at the end of inputs. This will generate a keystore named .keystore in ${user.home}. Tomcat default configuration will pick it up as the server certificate with the default password.

4.1 (optional: if customer insists)
you may choose different keystore location and password by executing:

keytool -genkey -alias tomcat -keyalg RSA -keystore filepathyouchoose

when asked for password, input your choice but keep the storepass the same password (when asked at the end of inputs).

5. For 4., you just need to uncomment following in server.xml:
<!--
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
</Connector>
-->

and finally restart AdminServer. For testing, do not forget to type https (NOT http) e.g. https://localhost:8443/iw/opendeploy

5.1 For 4.1, uncomment and edit the uncommented section as follows:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
<Parameter name="keystore" value=filePathYouUse />
<Parameter name="keypass" value=passwordYouUse />
</Connector>

restart AdminServer.

This is only needed for standalone OD Admin Server installation. If OD Admin (opendeploy.war) is installed in a Teamsite servlet container, there is no such need since TS supports SSL via apache already.