Configure Performance Center to Use HTTPS

To configure
CA Performance Center
to use HTTPS, edit the configuration files with the website and port settings and replace the HTTP connector with an HTTPS connector.
capm370
To configure
CA Performance Center
to use HTTPS, edit the configuration files with the website and port settings and replace the HTTP connector with an HTTPS connector.
By default, TLS v1.2 is the only cipher suite offered. Older HTTPS ciphers and protocols, such as TLS v1.0, v1.1, and SSL v3, are not supported.
Follow these steps:
  1. Change to the following directory:
    cd /
    InstallDirectory
    /PerformanceCenter/PC
    /opt/CA
    is the default installation directory.
  2. Edit the
    start.ini
    file and apply the following changes:
    • Find the following lines and update them, as follows:
      Original Text
      # To enable ssl, modify this line to use module https # Module: http --module=http
      New Text
      # To enable ssl, modify this line to use module https # Module: https --module=https
      Original Text
      # To enable ssl, uncomment this line module # Module: ssl #--module=ssl #etc/ssl-lucky13.xml
      New Text
      # To Enable ssl, uncomment this line module # Module: ssl --module=ssl etc/ssl-lucky13.xml
    • If
      CA Performance Center
      is not installed in the default installation directory location, update the directory path.
  3. Add the port and password information to the
    PC/start.d/ssl.ini
    file:
    # SSL
    # define the port to use for secure redirection
    jetty.ssl.port=8182
    jetty.https.port=8182
    jetty.httpConfig.securePort=8182
    # Set up a keystore and truststore
    jetty.sslContext.keyStoreType=JKS
    jetty.sslContext.keyStorePath=etc/
    keystore_file
    .ks
    jetty.sslContext.trustStorePath=etc/
    keystore_file
    .ks
    # Set up passwords
    jetty.sslContext.keyStorePassword=
    password
    jetty.sslContext.keyManagerPassword=
    password
    jetty.sslContext.trustStorePassword=
    password
  4. Specify the following values from the SSL certificate setup:
    • keystore_file
      .ks
      Specify the name of the keystore file that is used to store the certificate.
      The keystore file must be in the
      etc
      directory.
    • password
      Specify the password for the keystore that is selected when creating the certificate.
      By default, the password values for the
      jetty.sslContext.keyStorePassword
      ,
      jetty.sslContext.keyManagerPassword
      , and
      jetty.sslContext.trustStorePassword
      parameters are stored in plain text. However, you can obfuscate them.
      For more information, see Obfuscate Jetty Passwords.
  5. Change to the following directory:
    cd /InstallationDirectory/CA/PerformanceCenter/sso/webapps/sso/configuration
  6. Edit the
    CAPerformanceCenter.xml
    file.
  7. Replace the
    Scheme
    and
    Port
    values with settings that are appropriate for SSL:
    <?xml version="1.0" encoding="utf-8" ?>
    <Configuration>
    <SingleSignOnEnabled>True</SingleSignOnEnabled>
    <SingleSignOnProductCode>pc</SingleSignOnProductCode>
    <SignInPageProductDefaultUrl>
    <Scheme>
    https
    </Scheme>
    <Port>
    8182
    </Port>
    <PathAndQuery>/pc/desktop/page</PathAndQuery>
    </SignInPageProductDefaultUrl>
    <SingleSignOnWebServiceUrl>
    <Scheme>
    https
    </Scheme>
    <Port>
    8182
    </Port>
    <PathAndQuery>/pc/center/webservice/sso</PathAndQuery>
    </SingleSignOnWebServiceUrl>
    </Configuration>
  8. Edit the
    CADataAggregator.xml
    file.
  9. Replace the
    Scheme
    and
    Port
    values for
    SingleSignOnWebServiceUrl
    with settings that are appropriate for SSL. Do not change values for
    SignInPageProductDefaultUrl
    :
    <?xml version="1.0" encoding="utf-8" ?>
    <Configuration>
    <SingleSignOnEnabled>True</SingleSignOnEnabled>
    <SingleSignOnProductCode>da</SingleSignOnProductCode>
    <RemoteWebSite>True</RemoteWebSite>
    <SignInPageProductDefaultUrl>
    <Scheme>http</Scheme>
    <Port>8581</Port>
    <PathAndQuery>/</PathAndQuery>
    </SignInPageProductDefaultUrl>
    <SingleSignOnWebServiceUrl>
    <Scheme>
    https
    </Scheme>
    <Port>
    8182
    </Port>
    <PathAndQuery>/pc/center/webservice/sso</PathAndQuery>
    </SingleSignOnWebServiceUrl>
    </Configuration>