Secure Sockets Layer (SSL) is a protocol that provides a secured channel between client and server, using certificates to authenticate the server and encrypt the traffic. When Apache Tomcat is used as the server for a SailPoint deployment, the data being handled is sensitive in nature. With a self-signed certificate, SailPoint IdentityIQ hosted on a Tomcat server can be secured without involving a certificate authority (CA).
Step 1: Open up the command prompt.
Step 2: Make sure Java is installed (keytool ships with the JDK/JRE) and type the following command:
keytool -genkey -alias iiq -keyalg RSA -keystore www.example.com.jks
Step 3: Enter a keystore password. The default keystore password Tomcat expects is “changeit”.
Step 4: Enter the details for the certificate's distinguished name: your name (CN), organizational unit, organization, city, state and two-letter country code.
Step 5: Press Enter to use the same password for the key as for the keystore. The keystore is then written to the path given to -keystore (here, the current directory).
Example:
Figure 1: Example Commands
Step 1: Navigate to CATALINA_HOME (the Tomcat installation directory).
Step 2: Navigate into the conf directory.
Step 3: Open the server.xml file.
Step 4: Comment out the default HTTP connector on port 8080:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000" redirectPort="8443" />
Step 5: Add the following HTTPS connector to the file:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\ssl\www.example.com.jks" keystorePass="changeit" certificateKeyAlias="iiq"
clientAuth="false" sslProtocol="TLS"/>
Example:
Figure 2: Connector type and config
Step 6: Save the file and start the Tomcat server.
Step 7: Check the Tomcat server URL:
https://localhost:8443/identityiq
Note: The browser will warn that the site is not secure. This is because the certificate is self-signed and has not been signed by a CA the browser trusts. You can add an exception in the browser and proceed.
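Two things in the connector above are worth checking before the file goes onto a real server: the keystore password sits in server.xml in clear text, and sslProtocol="TLS" alone leaves the negotiable TLS versions to the JVM defaults. The following script is an added example, not part of the original post or of Tomcat: it parses a server.xml and flags those points, using a constructed sample that mirrors the post's connector beside a hardened variant. The hardened variant relies on Tomcat's ${...} property substitution (values defined in conf/catalina.properties or as system properties) and on the legacy sslEnabledProtocols connector attribute.

```python
"""Audit the connectors in a Tomcat server.xml for the settings discussed above.
Added example; not from the original post.  Attribute names are Tomcat's legacy
Connector attributes (keystoreFile, keystorePass, sslEnabledProtocols, ...)."""
import xml.etree.ElementTree as ET

# Constructed sample: the post's HTTPS connector, with the HTTP connector left active.
SAMPLE_SERVER_XML = r"""<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
               maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\ssl\www.example.com.jks" keystorePass="changeit"
               certificateKeyAlias="iiq" clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""

# Constructed hardened variant: HTTP connector commented out, password taken from a
# property (add keystore.password=... to conf/catalina.properties), TLS versions pinned.
HARDENED_SERVER_XML = r"""<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8080" protocol="HTTP/1.1"
                    connectionTimeout="20000" redirectPort="8443" /> -->
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
               maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${catalina.base}/conf/www.example.com.jks"
               keystorePass="${keystore.password}"
               certificateKeyAlias="iiq" clientAuth="false"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.3"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml: str) -> list:
    """Return a list of human-readable findings, one per problem, for every Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        tls_enabled = conn.get("SSLEnabled", "false").lower() == "true"

        if not tls_enabled:
            # The post comments this connector out so that only HTTPS is reachable.
            findings.append(f"port {port}: plaintext connector still enabled")
            continue

        # scheme/secure drive request.getScheme() and request.isSecure() in the webapp.
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append(f"port {port}: scheme=https and secure=true not both set")

        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing")

        password = conn.get("keystorePass")
        if password is None:
            findings.append(f"port {port}: keystorePass missing (Tomcat falls back to 'changeit')")
        elif not password.startswith("${"):
            findings.append(f"port {port}: keystorePass is hard-coded in server.xml")
            if password == "changeit":
                findings.append(f"port {port}: keystore uses the well-known default password")

        if conn.get("sslEnabledProtocols") is None:
            findings.append(f"port {port}: sslEnabledProtocols not set; TLS versions are JVM defaults")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("post's config", SAMPLE_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(f"== {label} ==")
        for finding in audit_connectors(xml_text) or ["no findings"]:
            print("  " + finding)
```

Run it as-is to see the four findings against the post's connector and none against the hardened one; point audit_connectors at the text of your own conf/server.xml to check a real installation. Moving the password into catalina.properties does not make it secret, it only keeps it out of a file that is routinely shared and diffed, so file permissions on conf/ still matter.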
Step 1: Navigate to C:\Windows\System32\drivers\etc.
Step 2: Open the hosts file with Notepad (run Notepad as administrator, since the file is write-protected).
Step 3: Add a line mapping the local IP address to the custom hostname used in the certificate (www.example.com in this example).
Example:
Figure 3: Hosts file with configuration
Step 4: Save the hosts file and start the Tomcat server.
Step 5: Access the Tomcat server using https://www.example.com:8443/identityiq.
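The keystore step and the hosts-file step only work together when the same hostname appears in the certificate, in the hosts file and in the URL. Modern browsers match the URL against the certificate's Subject Alternative Name (SAN), not the CN typed at the keytool prompts, so a certificate generated exactly as in the first section will still be flagged even after the hosts entry is added. The script below is an added example (not part of the original post): it builds a non-interactive version of the post's keytool command that adds the SAN, checks that the hostname maps to a loopback address in a constructed hosts file, and implements the hostname-to-SAN matching rule (exact name or a single leftmost-label wildcard) that browsers apply. The distinguished-name values are placeholders, and the -storepass:env form is a keytool feature that reads the password from an environment variable instead of the command line.

```python
"""Hostname consistency checks for a self-signed Tomcat certificate.
Added example; not from the original post."""
import ipaddress


def keytool_genkeypair_cmd(hostname, keystore_path, alias="iiq", validity_days=365):
    """Non-interactive form of the post's keytool command.
    -dname replaces the prompts (constructed placeholder values),
    -ext SAN puts the hostname where browsers look for it,
    -storepass:env reads the password from $KEYSTORE_PASS rather than argv/history."""
    dname = f"CN={hostname}, OU=IT, O=Example Org, L=Austin, ST=TX, C=US"  # placeholders
    return [
        "keytool", "-genkeypair",
        "-alias", alias,
        "-keyalg", "RSA", "-keysize", "2048",
        "-validity", str(validity_days),
        "-dname", dname,
        "-ext", f"SAN=dns:{hostname}",
        "-keystore", keystore_path,
        "-storepass:env", "KEYSTORE_PASS",
    ]


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text; comments and blank lines are skipped,
    and a later line for the same name overrides an earlier one."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def resolves_locally(hostname, hosts_text):
    """True when the hosts file sends the hostname to a loopback address (127.0.0.1 or ::1)."""
    ip = parse_hosts(hosts_text).get(hostname.lower())
    return ip is not None and ipaddress.ip_address(ip).is_loopback


def hostname_matches_san(hostname, san_dns_names):
    """RFC 6125 style matching: exact name, or a wildcard in the leftmost label only.
    '*.example.com' matches 'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                      # ".example.com"
            leftmost = host[: -len(suffix)] if host.endswith(suffix) else ""
            if leftmost and "." not in leftmost:
                return True
    return False


# Constructed sample of C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """# hosts file (constructed sample)
127.0.0.1   localhost
127.0.0.1   www.example.com     # IdentityIQ test host
10.0.0.5    iiq.example.com     # a real server, not loopback
"""


def check_setup(hostname, hosts_text, san_dns_names):
    """Return the problems a practitioner should fix before opening https://<hostname>:8443/."""
    problems = []
    if not resolves_locally(hostname, hosts_text):
        problems.append(f"{hostname} does not map to a loopback address in the hosts file")
    if not hostname_matches_san(hostname, san_dns_names):
        problems.append(f"{hostname} is not covered by the certificate SAN {san_dns_names}")
    return problems


if __name__ == "__main__":
    print(" ".join(keytool_genkeypair_cmd("www.example.com", r"C:\ssl\www.example.com.jks")))
    print(check_setup("www.example.com", SAMPLE_HOSTS, ["www.example.com"]))   # []
    print(check_setup("iiq.example.com", SAMPLE_HOSTS, ["www.example.com"]))   # two problems
```

To use the generated command, set KEYSTORE_PASS in the shell first (on Windows, set KEYSTORE_PASS=... in cmd or $env:KEYSTORE_PASS in PowerShell) and keep keystorePass in server.xml in step with it. The SAN list passed to check_setup comes from whatever you read out of the keystore with keytool -list -v.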
Figure 4: System Information (host shown: www.sailpoint.com)
See the screenshot below for reference.
Figure 5: Reference Base URL
Base URL: https://www.sailpoint.com/identityiq/login.jsf?prompt=true
Regards,
Rakesh Vadnala