
Securing SailPoint deployed on Tomcat server


Secure Sockets Layer (SSL), today implemented by its successor Transport Layer Security (TLS), encrypts the traffic between the browser and the server and lets the browser identify the server by the certificate it presents. IdentityIQ carries credentials, identity attributes and session cookies, so when it is deployed on Apache Tomcat it should only be reachable over HTTPS. A self-signed certificate lets you enable HTTPS on the Tomcat instance hosting SailPoint IdentityIQ without involving a certificate authority (CA). That is adequate for a lab, development or test server; for anything users reach in production, have the certificate issued by your internal PKI or a public CA instead, so that users are not trained to click through certificate warnings.


Creating a Self-Signed Certificate

Step 1: Open a command prompt.

Step 2: Make sure a JDK is installed and keytool (shipped with it) is on the PATH, then run the following command (-genkeypair is the current name of the older -genkey option; the -keystore value is the full path of the keystore file to create, and the same path goes into server.xml later):


keytool -genkeypair -alias iiq -keyalg RSA -keysize 2048 -ext SAN=dns:<hostname> -keystore <path to keystore file>


Step 3: Enter a keystore password. If no keystorePass is set in server.xml, Tomcat falls back to the default “changeit”; do not rely on that default, choose your own strong password and set it explicitly in the connector.

Step 4: Enter the details for the certificate: name, organizational unit (OU), organization, city, state and country. The answer to “What is your first and last name?” becomes the certificate's Common Name (CN); enter the hostname users will type in the URL (the same name given in the SAN extension above). Current browsers validate the hostname against the Subject Alternative Name, not the CN, so a certificate without a SAN is rejected even when the CN is right.

Step 5: Press Enter if you want the key password to be the same as the keystore password (for the PKCS12 format that recent JDKs create by default, it must be). The keystore is then written to the specified location.
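The steps above, as an added PowerShell example that is not part of the original article: it generates the keystore with a SAN for the hostname, keeps the password out of the command line and shell history, verifies the entry keytool wrote, and restricts who can read the file. The hostname iiq.example.local, the C:\ssl\iiq.p12 path, the 365-day validity and the accounts granted access are assumptions; adjust them to your environment. Because the store is PKCS12, add keystoreType="PKCS12" to the Tomcat connector (JDK 9 and later also read it through the default JKS loader).

```powershell
# Added example (not from the original article): create the IdentityIQ keystore
# with a Subject Alternative Name and verify the result. Hostname, paths, validity
# and the accounts granted read access below are assumptions.
$Hostname    = 'iiq.example.local'      # assumed: the name you will put in the URL / hosts file
$KeystoreDir = 'C:\ssl'
$Keystore    = Join-Path $KeystoreDir 'iiq.p12'
$Alias       = 'iiq'

if (-not (Test-Path $KeystoreDir)) { New-Item -ItemType Directory -Path $KeystoreDir | Out-Null }

# Keep the password off the command line: keytool reads it from an environment
# variable when the option is given with the ":env" modifier.
$env:IIQ_KS_PASS = Read-Host -Prompt 'Keystore password (choose your own, not changeit)'
if ($env:IIQ_KS_PASS.Length -lt 12) { throw 'Choose a keystore password of at least 12 characters.' }

# -genkeypair is the current name of -genkey. CN and SAN both carry the hostname;
# browsers check the SAN, so it must contain every name the server is reached by.
& keytool -genkeypair `
    -alias $Alias `
    -keyalg RSA -keysize 2048 -sigalg SHA256withRSA `
    -validity 365 `
    -dname "CN=$Hostname, OU=IAM, O=Example Org, L=City, ST=State, C=US" `
    -ext "SAN=dns:$Hostname,dns:localhost,ip:127.0.0.1" `
    -keystore $Keystore -storetype PKCS12 `
    '-storepass:env' 'IIQ_KS_PASS' '-keypass:env' 'IIQ_KS_PASS'
if ($LASTEXITCODE -ne 0) { throw 'keytool failed to create the keystore.' }

# Verify what was written: a private key entry under the alias, with the SAN present.
$listing = & keytool -list -v -alias $Alias -keystore $Keystore '-storepass:env' 'IIQ_KS_PASS' | Out-String
if ($listing -notmatch 'Entry type: PrivateKeyEntry')          { throw "No private key entry under alias '$Alias'." }
if ($listing -notmatch [regex]::Escape("DNSName: $Hostname"))   { throw "SAN does not contain $Hostname." }
Write-Host "Keystore $Keystore ready: alias '$Alias', SAN includes $Hostname"

# The private key is only as secret as the file: drop inherited ACLs and grant read
# access to the account Tomcat runs as (assumed here to be SYSTEM) plus Administrators.
icacls $Keystore /inheritance:r /grant:r 'SYSTEM:(R)' 'BUILTIN\Administrators:(F)' | Out-Null
Remove-Item Env:IIQ_KS_PASS
```

The verification step matters more than it looks: keytool happily creates a certificate with no SAN, and the failure only shows up later as a browser error that looks identical to the ordinary self-signed warning.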

Figure 1: Example Commands


Configuring the Tomcat server

Step 1: Navigate to CATALINA_HOME.

Step 2: Navigate into the conf directory.

Step 3: Open the server.xml file.

Step 4: Comment out the default HTTP connector. With it removed Tomcat no longer listens on plain port 8080 at all, which is the simplest way to make sure no credentials travel unencrypted (the redirectPort on this connector only redirects requests that a CONFIDENTIAL security constraint in web.xml covers, so leaving it in place is not a substitute).

<Connector port="8080" protocol="HTTP/1.1"    
connectionTimeout="20000"  redirectPort="8443" />

Step 5: Add the following HTTPS connector to the file. The keystoreFile value must be the full path of the keystore file keytool wrote (the value shown here ends at the directory), keystorePass must be the password you chose in Step 3 rather than the default, and the alias attribute on a Connector element is documented by Tomcat as keyAlias (certificateKeyAlias is the name used on the <Certificate> element of the newer <SSLHostConfig> form introduced in Tomcat 8.5; with the wrong attribute name the setting is ignored, which only works by accident when the keystore holds a single key). Consider also adding sslEnabledProtocols="TLSv1.2,TLSv1.3" so that TLS 1.0 and 1.1 are never negotiated, and restrict read access to server.xml since it now contains the keystore password in clear text.

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:\ssl\" keystorePass="changeit" keyAlias="iiq"
           clientAuth="false" sslProtocol="TLS"/>
Figure 2: Connector type and config


Step 6: Save the file and start the Tomcat server.

Step 7: Open the Tomcat server URL over HTTPS, for example https://localhost:8443/identityiq (or whichever context path the IdentityIQ WAR was deployed under). Check catalina.log as well: a wrong keystore path, password or alias shows up there as a failure to initialize the connector, and Tomcat then serves nothing on 8443.


Note: The browser will warn that the site is not secure. This is expected for a self-signed certificate, because no CA the browser trusts has signed it. You can add an exception in the browser and proceed, but note that the exception only works when the hostname in the URL matches the certificate's SAN/CN; if it does not, regenerate the certificate with the right name rather than teaching users to ignore the warning. On a shared test server it is cleaner to import the certificate into the Windows "Trusted Root Certification Authorities" store of the clients, or to use a certificate from your internal CA.


Accessing the Tomcat Server with a Custom Domain Name

Step 1: Navigate to C:\Windows\System32\drivers\etc\hosts.

Step 2: Open the hosts file with Notepad (run as Administrator; the file is not writable otherwise).

Step 3: Add a line mapping the local IP address to the custom hostname, in the form <IP address> <hostname>. This must be the same name you put in the certificate's CN and SAN, otherwise the browser reports a name mismatch even after you trust the certificate.

Figure 3: Hosts file with configuration


Step 4: Save the hosts file and start the Tomcat server.

Step 5: Access the Tomcat server using the custom hostname from the hosts file in place of localhost in the URL.
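The connector configuration and the custom-hostname access described in the two sections above, as an added PowerShell check that is not part of the original article: it parses server.xml to confirm that only the TLS connector is active and that it points at an existing keystore with a non-default password, then performs a TLS handshake against the custom hostname and reports what the server actually presented, including whether the certificate name matches the hostname. CATALINA_HOME, the hostname iiq.example.local and port 8443 are assumptions.

```powershell
# Added example (not from the original article): verify the Tomcat TLS setup after
# restart. CATALINA_HOME, hostname and port are assumptions; adjust to your install.
$CatalinaHome = if ($env:CATALINA_HOME) { $env:CATALINA_HOME } else { 'C:\tomcat' }
$Hostname     = 'iiq.example.local'    # assumed: the name mapped in the hosts file
$Port         = 8443

# 1. Static check of server.xml. SelectNodes does not return commented-out
#    elements, so a properly commented 8080 connector is not reported here.
[xml]$server = Get-Content (Join-Path $CatalinaHome 'conf\server.xml')
$connectors  = $server.SelectNodes('//Connector')
$plain = $connectors | Where-Object { $_.SSLEnabled -ne 'true' }
if ($plain) { Write-Warning ("Non-TLS connector(s) still enabled on port(s): " + ($plain.port -join ', ')) }
$tls = $connectors | Where-Object { $_.SSLEnabled -eq 'true' }
if (-not $tls) { throw 'No SSLEnabled connector found in server.xml.' }
foreach ($c in $tls) {
    # Legacy attributes sit on the Connector; Tomcat 8.5+ may instead carry them on
    # a nested <SSLHostConfig><Certificate .../> element.
    $ksFile = if ($c.keystoreFile) { $c.keystoreFile } else { $c.SSLHostConfig.Certificate.certificateKeystoreFile }
    $ksPass = if ($c.keystorePass) { $c.keystorePass } else { $c.SSLHostConfig.Certificate.certificateKeystorePassword }
    if ($ksFile -and -not [IO.Path]::IsPathRooted($ksFile)) { $ksFile = Join-Path $CatalinaHome $ksFile }  # relative paths resolve against CATALINA_BASE
    if (-not $ksFile -or -not (Test-Path $ksFile -PathType Leaf)) { throw "Connector $($c.port): keystore file '$ksFile' does not exist." }
    if (-not $ksPass -or $ksPass -eq 'changeit') { Write-Warning "Connector $($c.port): keystore password is unset or the default 'changeit'." }
    Write-Host "Connector $($c.port): keystore $ksFile OK"
}

# 2. Live handshake. The callback accepts the certificate so the handshake completes,
#    but records the policy errors so a name mismatch is reported rather than hidden.
$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:policyErrors = $errors
    return $true
}
$tcp = New-Object System.Net.Sockets.TcpClient($Hostname, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($Hostname)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | ForEach-Object { $_.Format($false) }
    "Protocol : $($ssl.SslProtocol)"
    "Subject  : $($cert.Subject)"
    "Issuer   : $($cert.Issuer) (self-signed: $($cert.Subject -eq $cert.Issuer))"
    "Expires  : $($cert.NotAfter)"
    "SAN      : $san"
    if ($script:policyErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) {
        Write-Error "Certificate does not match '$Hostname'; regenerate it with this name in the SAN."
    }
    if ($ssl.SslProtocol -lt [System.Security.Authentication.SslProtocols]::Tls12) {
        Write-Warning "Negotiated $($ssl.SslProtocol); restrict the connector to TLSv1.2 and TLSv1.3."
    }
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}
```

A chain error (RemoteCertificateChainErrors) is the normal result for a self-signed certificate and is what the browser warning corresponds to; a name mismatch is the error that no browser exception should be papering over, which is why the script treats only that one as a failure.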


Accessing the website through its FQDN on Windows Server

  • A fully qualified domain name (FQDN), sometimes also called an absolute domain name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System: all domain levels, including the top-level domain and the root zone. For a domain-joined server it is the computer name followed by the domain name.
  • On a domain-joined Windows Server you do not need Step 3 from the previous section: the server's FQDN already resolves through the domain's DNS, so no hosts entry is required. The certificate's SAN still has to contain that FQDN.
  • The FQDN is shown in System Information; see the picture below for reference.

Figure 4: System Information

  • Open the Chrome browser.
  • Enter the URL using the FQDN, i.e. computer name.domain name, with the HTTPS port, for example https://<computer name>.<domain name>:8443/identityiq.

See the screenshot below for reference.

Figure 5: Reference Base URL

Base URL:



Rakesh Vadnala

Last update: Jun 22, 2023