Enabling SSL on the server

A server certificate is required before SSL can be enabled on the CLC Server. This is usually obtained from a Certificate Authority (CA) like Thawte or Verisign (see http://en.wikipedia.org/wiki/Certificate_authorities).

A signed certificate in a pkcs12 keystore file is also needed. The keystore file is either provided by the CA or it can be generated from the private key used to request the certificate and the signed-certificate file from the CA (see Creating a PKCS12 keystore file).

Copy the keystore file to the conf subdirectory of the CLC Server installation folder.

Next, the server.xml file in the conf subdirectory of the CLC Server installation folder has to be edited to enable SSL-connections. Add text like the following text to the server.xml file:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/keystore.pkcs12" keystorePass="tomcat"
Replace keystore.pkcs12 with the name of your keystore file, and replace tomcat with the password for your keystore.

The above settings make SSL available on port 8443. The standard (non-SSL) port would still be 7777, or whatever port number you have configured it to.

Self-signed certificates can be generated if only connection encryption is needed. See http://www.akadia.com/services/ssh_test_certificate.html for further details.