Set Up HTTPS

By default, Single Sign-On uses HTTP for communications between the browser and capm. TLS (Transport Layer Security) and its predecessor, SSL (Secure Sockets Layer), are widely supported encryption protocols that secure data transmissions over the Internet. TLS and SSL can be used with HTTP to form HTTPS (HTTP-Secure). This guide uses SSL as a blanket term to mean "TLS and SSL."
capm360
By default, Single Sign-On uses HTTP for communications between the browser and
CA Performance Management
. TLS (Transport Layer Security) and its predecessor, SSL (Secure Sockets Layer), are widely supported encryption protocols that secure data transmissions over the Internet. TLS and SSL can be used with HTTP to form HTTPS (HTTP-Secure). This guide uses
SSL
as a blanket term to mean "TLS and SSL."
Older HTTPS ciphers and protocols (TLS v1.0, v1.1 and SSL v3) are no longer supported by default. TLS v1.2 is the only cipher suite offered by default.
You can enhance the security in your monitoring system by configuring Single Sign-On to use HTTPS instead of HTTP.
Configuring CA Single Sign-On to use HTTPS is optional. Before you can configure the Single Sign-On website to use HTTPS, you must obtain a server certificate. The team that creates and enforces security policies for your organization can probably assist you with these steps.
Enhance the security in your monitoring system by configuring Single Sign-On to use HTTPS instead of HTTP. To enable HTTPS for CA Single Sign-On, first enable SSL for
Performance Center
:
  1. Install the certificates that validate the identity of the server.
  2. Change the database to ensure that
    Performance Center
    properly redirects to the correct port and scheme for Single Sign-On, and the reverse.
  3. Change the services for both
    Performance Center
    and Single Sign-On to reflect the new ports and schemes.
Two ports are important for these steps: the
Performance Center
port (which defaults to 8181) and the Single Sign-On port (which defaults to 8381). Port 8181 is the
Performance Center
connection port. If users require authentication, the server redirects them to Single Sign-On on port 8381, where they see the Login page. Once a user has successfully logged in, the server redirects that user back to the original URL at port 8181.
Therefore, you cannot use the same port in each configuration step. Otherwise, a conflict occurs between
Performance Center
and Single Sign-On.
You can enable HTTPS using the SSL configuration tool, or you can configure SSL manually.
To enable HTTPS for
Performance Center
and Single Sign-On with the SSL configuration tool, see Enable Performance Center to use SSL.
To enable HTTPS for
Performance Center
and Single Sign-On manually, complete the following steps:
To enable HTTPS for the Data Aggregator, complete the following steps: