Show TOC

Enabling SSL for PowerDesigner WebLocate this document in the navigation structure

We recommend that you enable SSL for the PowerDesigner Web server in order to encrypt its communications with client browsers.


Note This procedure only enables SSL. To configure the server for single-sign on (including SSL), see Enabling Single Sign-On for PowerDesigner Web. For Tomcat documentation about enabling SSL, see published on non-SAP site.


  1. Open a command prompt with administrator's privileges and navigate to JAVA_HOME/bin, where your keytool is located.
  2. Create a self-signed key pair to identify the server:

    keytool -genkeypair -alias serverkey -keyalg RSA -dname "CN=<ServerName>,OU=<OrgUnit>,O=<Org>,L=<Locality>,S=<State>,C=<Country>" -keypass <SecurePassword> -keystore "<InstallDir>\keystore\server.jks" -storepass <SecurePassword>

    • -dname "CN=<ServerName>,OU=<OrgUnit>,O=<Org>,L=<Locality>,S=<State>,C=<Country>" - should provide appropriate metadata to identify your server.
    • -keystore "<InstallDir>\keystore\server.jks" - is the path to the keystore which, by default, will be at C:\Program Files\SAP\PowerDesigner Portal 16\keystore\server.jks. This command will create the keystore at this location if it does not already exist.
    • -keypass <SecurePassword> and -storepass <SecurePassword> - must be identical and are the secure password that you define for the server key and keystore.
    Note A self-signed key pair is sufficient for testing, but users accessing your server will receive a security warning. To securely identify your server, you must request a certificate signed by your certification authority and import it into your keystore (see published on non-SAP site ).
  3. Edit the Tomcat/conf/server.xml file to enable ssl and configure the keystore.
    Create a <Connector element with the following values:
    < Connector 
    	protocol ="org.apache.coyote.http11.Http11Protocol"
    	port ="8443"
    	SSLEnabled ="true"
    	scheme ="https"
    	secure ="true"
    	clientAuth ="false"
    	sslProtocol ="TLS"
    	keystoreFile ="<InstallDir>\keystore\server.jks"
    	keystoreType ="JKS" 
    	keystorePass ="<SecurePassword>"/>
    • port - can be set to any appropriate value.
    • clientAuth is set to false to allow a standard login if the certificate cannot be found.
    • keystoreFile points to your keystore (by default at C:\Program Files\SAP\PowerDesigner Portal 16\keystore\server.jks).
    • keystorePass is the <SecurePassword> defined for your keystore.
    Note To restrict access to this port only, comment out any other connector elements.