We recommend that you enable SSL for the PowerDesigner Web server in order to encrypt
its communications with client browsers.
Procedure
- Open a command prompt with administrator's privileges and navigate to
JAVA_HOME/bin, where your keytool is
located.
- Create a self-signed key pair to identify the server:
keytool -genkeypair -alias serverkey -keyalg RSA -dname
"CN=<ServerName>,OU=<OrgUnit>,O=<Org>,L=<Locality>,S=<State>,C=<Country>"
-keypass <SecurePassword> -keystore
"<InstallDir>\keystore\server.jks" -storepass
<SecurePassword>
Where:
- -dname
"CN=<ServerName>,OU=<OrgUnit>,O=<Org>,L=<Locality>,S=<State>,C=<Country>"
- should provide appropriate metadata to identify your server.
- -keystore
"<InstallDir>\keystore\server.jks" - is the path to
the keystore which, by default, will be at C:\Program
Files\SAP\PowerDesigner Portal 16\keystore\server.jks. This command
will create the keystore at this location if it does not already exist.
- -keypass <SecurePassword> and
-storepass <SecurePassword> - must be
identical and are the secure password that you define for the server key and
keystore.
- Edit the Tomcat/conf/server.xml file to enable ssl and configure
the keystore.
Create a
<Connector element with the following
values:
< Connector
protocol ="org.apache.coyote.http11.Http11Protocol"
port ="8443"
SSLEnabled ="true"
scheme ="https"
secure ="true"
clientAuth ="false"
sslProtocol ="TLS"
keystoreFile ="<InstallDir>\keystore\server.jks"
keystoreType ="JKS"
keystorePass ="<SecurePassword>"/>
Where:
- port - can be set to any appropriate
value.
- clientAuth is set to
false to allow a standard login if the certificate cannot
be found.
- keystoreFile points to your keystore (by
default at C:\Program Files\SAP\PowerDesigner Portal
16\keystore\server.jks).
- keystorePass is the
<SecurePassword> defined for your keystore.
Note To restrict access to this port only, comment out any other connector
elements.