Enabling SSL

This topic provides guidance for setting up SSL security for the PowerDesigner Portal environment. For detailed information, please see your application server’s documentation.

Using the Default Tomcat Server

You will need to edit the Tomcat server.xml file to set the keystoreFile attribute to use the default keystore file for SSL connections and have clients connect using the default client.keystore file.

For example, if you have installed the PowerDesigner Portal at c:\sybase\cmr:
<Connector port="8443" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="C:\sybase\cmr\keystore\server.keystore">
</Connector>

For more information , see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

Using an Existing SSL Implementation

If you deploy the PowerDesigner Portal to an existing Tomcat server running SSL, you will need to export the certificate from your existing keystore file by using your keystore tool. If the keystore file contains many certificates, make sure you export the certificate which the Tomcat server uses. For example, using the JDK’s keytool:
keytool –export –alias tomcat –file 
  tomcat.cert –keystore <keystorefile>
Once the certificate is exported, you must import it to the %CMR_HOME%\keystore\client.keystore file using the JDK’s keytool. For example:
keytool –import -alias tomcat –file tomcat.cert 
  –keystore %CMR_HOME%\keystore\client.keystore

The password to the client.keystore is changeit.

Using an Existing Client Keystore

If you already have a client keystore file to connect to the server and don’t want to use the the supplied default client.keystore file, you can either manually edit the web-inf/config/cmrclient.xml file or login to the PowerDesigner Portal as an administrator and change the following parameters:
<bean class="java.lang.Object" id="cmr.client.config.ssl">
		<param name="keyStoreFile" value="client.keystore"/>
		<param name="keyStoreFilePath" value=""/>
		<param name="keystorePass" value="changeit"/>
		<param name="truststorePass" value="changeit"/>
	</bean>