A signed certificate in a
pkcs12 keystore file is also needed. The keystore file is either provided by the CA or it can be generated from the private key used to request the certificate and the signed-certificate file from the CA (see Creating a PKCS12 keystore file).
Copy the keystore file to the conf subdirectory of the CLC Server installation folder.
server.xml file in the
conf subdirectory of the CLC Server installation folder has to be edited to enable SSL-connections. Add text like the following text to the
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore.pkcs12" keystorePass="tomcat" keystoreType="PKCS12" />Replace
keystore.pkcs12with the name of your keystore file, and replace
tomcatwith the password for your keystore.
The above settings make SSL available on port 8443. The standard (non-SSL) port would still be 7777, or whatever port number you have configured it to.
Self-signed certificates can be generated if only connection encryption is needed. See http://www.akadia.com/services/ssh_test_certificate.html for further details.