Configure the Secure Socket on the OneClick Server

As a final step in configuring the OneClick web server for SSL, configure the secure socket on the OneClick web server host.
Follow these steps:
  1. Shut down the OneClick web server:
    • Linux
      As root:
      <$SPECROOT>/tomcat/bin/stopTomcat.sh
    • Windows
      Enter the following command from a command prompt:
      C:\> net stop spectrumtomcat
  2. Open <$SPECROOT>/tomcat/conf/server.xml in a text editor.
  3. Locate the following section in the server.xml file:
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
    <!--
    <Connector port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="<SPECROOT>/custom/keystore/cacerts"
               keystorePass="changeit">
    </Connector>
    -->
    By default the <Connector> element in the section is commented out. Uncomment this section and change clientAuth="false" to clientAuth="true".
    The preceding XML fragment is Windows-specific. It specifies 443 as the port where the OneClick web server listens for SSL communications. Because 443 is the standard HTTPS port, you can omit the port from the URL for accessing the OneClick home page:
    https://<fully_qualified_host_name>/spectrum
    On a UNIX-based installation, the OneClick web server is not run as root, and the default port is 8443 (it must be greater than 1024).
  4. Specify the port number in the web browser when you enter the URL to access the OneClick home page:
    https://<fully_qualified_host_name>:8443/spectrum
  5. Remove the comments around the Connector definition. Make the definition active by deleting the “<!--” and “-->” tags that surround this section.
  6. Replace <$SPECROOT> with the actual path as follows:
    • Linux
      /usr/SPECTRUM
    • Windows
      C:/win32app/SPECTRUM
  7. Change clientAuth to “true”.
    Changing this setting to "true" is a key component of the CA Spectrum Common Access Card solution. You can configure CA Spectrum for SSL without ClientAuth. However, this parameter must be set to "true" to enable CA Spectrum Common Access Card authentication. For more information, see the OneClick Administration section.
  8. Save and close the server.xml file.
  9. Start the OneClick web server using one of the following commands, depending on the platform you are using:
    • Linux
      As root:
      <$SPECROOT>/tomcat/bin/startTomcat.sh
    • Windows
      From a command prompt:
      C:\> net start spectrumtomcat
    The secure socket is now configured.
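
    Before restarting the web server in step 9, the edits from steps 3 through 7 can be checked with a short script. The following is an added example, not part of the CA Spectrum documentation or product: the function name check_ssl_connector and the sample server.xml text are assumptions constructed for illustration. It reports a Connector that is still commented out, a placeholder that was not replaced (which also makes server.xml malformed XML), and a clientAuth value other than "true".

```python
import re
import xml.etree.ElementTree as ET

def check_ssl_connector(server_xml_text):
    """Return a list of findings for the SSL Connector; an empty list means OK."""
    # Strip comments first: a Connector still inside <!-- --> is not active,
    # and the placeholder is harmless while it stays commented out.
    active = re.sub(r"<!--.*?-->", "", server_xml_text, flags=re.S)
    # An unreplaced placeholder leaves a raw '<' inside an attribute value,
    # which makes the file malformed XML, so test for it before parsing.
    if re.search(r"<\$?SPECROOT>", active):
        return ["SPECROOT placeholder was not replaced with the real path"]
    try:
        root = ET.fromstring(active)
    except ET.ParseError as exc:
        return [f"server.xml is not well-formed: {exc}"]
    ssl = [c for c in root.iter("Connector")
           if c.get("scheme") == "https" and c.get("secure") == "true"]
    if not ssl:
        return ["no active SSL Connector found (is it still commented out?)"]
    findings = []
    for conn in ssl:
        if conn.get("clientAuth") != "true":
            findings.append(f"port {conn.get('port')}: clientAuth is "
                            f"{conn.get('clientAuth')!r}, expected 'true'")
    return findings

# Constructed sample input, modelled on the fragment shown in step 3.
CONNECTOR = ('<Connector port="8443" scheme="https" secure="true" '
             'clientAuth="{auth}" sslProtocol="TLS" '
             'keystoreFile="{root}/custom/keystore/cacerts" '
             'keystorePass="changeit"> </Connector>')

def sample(auth, root, commented=False):
    """Build a minimal constructed server.xml around one Connector."""
    body = CONNECTOR.format(auth=auth, root=root)
    if commented:
        body = "<!-- " + body + " -->"
    return '<Server><Service name="Catalina">' + body + "</Service></Server>"

if __name__ == "__main__":
    for label, text in [
        ("as shipped", sample("false", "<SPECROOT>", commented=True)),
        ("placeholder left", sample("true", "<SPECROOT>")),
        ("clientAuth false", sample("false", "/usr/SPECTRUM")),
        ("configured", sample("true", "/usr/SPECTRUM")),
    ]:
        print(label, "->", check_ssl_connector(text) or "OK")
```

    To check a real installation, pass the contents of the edited server.xml file to check_ssl_connector instead of the constructed samples.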