yangnigon (Outstanding Contributor)

How to Configure SSL Support for BPM 9.3 Admin

Hello Community,

OS: Windows Server 2012 R2
BPM 9.3 Build 341
Web Server: IIS 8.5

There are a couple of things that I would like to ask in regard to configuring SSL support for BPM admin.

1) BPM admin guide page 157 #4 modify the server.xml..... Do these steps apply to IIS? When looking through <BPM installation directory>\ServletContainer\conf\server.xml, it looks like it is for Apache rather than IIS.

2) When configured following the guide, I still was not able to access the BPM admin console via SSL. In the guide, "Unable to access the BPM Admin console using SSL" on page 160, it shows check the following files:
-> Windows: Check the latest catalina.<current date>.log file located in C:\ProgramData\HP\BPM\Tomcat\logs

I do not see this file in the directory. Does this mean something is wrong somewhere? What troubleshooting or investigative process can I take to find more about why secure connection is not set up?

3) To configure SSL support, do I have to go through the binding process for BPM (Windows Server)? Like going through the binding and loading the BPM generated cert on IIS Manager?

If anyone has any guidelines or suggestions, please do let me know.

Thanks in advance,


Accepted Solutions
Micro Focus Expert

Re: How to Configure SSL Support for BPM 9.3 Admin

Hi,

1) The BPM uses Apache Tomcat as its web server, not IIS (even if IIS is installed on the server that BPM is also running on).

2) Try this location (amend if BPM is installed to a different path), and if not, search the drive for cata*.log and you should find it:

   C:\HP\BPM\ServletContainer\temp\logs\

3) You should be able to follow the instructions from page 154.  Basically, you'll need a key and certificate for each BPM Probe.  These will not be part of the Windows OS as they are used by Java.  They can be self-signed or CA signed.  CA signed is better if possible, so clients trust them automatically.  Be careful with editing server.xml as it can be picky with formatting which could mean the web server fails to start.  Hopefully there will be something useful in the catalina log if you can find it.

I hope that helps.

Regards,

Tim

Evgeni N
New Member.

Re: How to Configure SSL Support for BPM 9.3 Admin

Hello Tim,

Trying to configure SSL on BPM 9.40.

To us the guide is not clear on what all the required files (and their extensions) are when dealing with a CA signed certificate from the customer.

We have

-the certificate and root certificate in .crt format

- pfx file with some content (not sure if the correct one)

Still the Tomcat is not even starting and loading forever. I'd check the log content at the location you said tomorrow - hope it's helpful.

In Resource Monitor we see 8443 is running but it's not accessible. Sometimes we get an error that the site is using an unsupported cipher.

According to this guide it's sufficient to import the certs in a keystore and then specify it in server.xml

https://www.mulesoft.com/tcat/tomcat-ssl

I'd also import them into cacerts file on BPM

Any advice will be appreciated.

thanks in advance

Evgeni
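
The accepted answer warns that formatting mistakes in server.xml can stop the web server from starting, and the post above describes a .pfx file with a listener on 8443 that is not reachable. The following is an added example, not code from this thread or from the BPM documentation: a pre-restart check of the HTTPS connector. It assumes the standard Tomcat JSSE connector attributes (`SSLEnabled`, `scheme`, `secure`, `keystoreFile`, `keystoreType`); the sample server.xml, its path and its password are constructed placeholders.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample, not BPM's shipped server.xml. Attribute names are the
# standard Tomcat JSSE connector attributes; path and password are placeholders.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="C:/example/keystore/bpm-admin.pfx"
               keystorePass="CHANGE_ME"/>
  </Service>
</Server>
"""

def check_server_xml(xml_text, file_exists=os.path.isfile):
    """Return a list of findings for the HTTPS connectors in a server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Malformed XML alone is enough to keep Tomcat from starting.
        return ["server.xml is not well-formed: %s" % exc]
    findings = []
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for conn in tls:
        port = conn.get("port", "?")
        ks = conn.get("keystoreFile")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append("port %s: scheme/secure not set for HTTPS" % port)
        if not ks:
            findings.append("port %s: keystoreFile not set" % port)
            continue
        if not file_exists(ks):
            findings.append("port %s: keystore not found: %s" % (port, ks))
        # Tomcat reads keystoreFile as JKS unless keystoreType says otherwise,
        # so a PKCS#12 (.pfx/.p12) file must be declared as such.
        is_pkcs12 = ks.lower().endswith((".pfx", ".p12"))
        if is_pkcs12 and conn.get("keystoreType", "JKS").upper() != "PKCS12":
            findings.append('port %s: %s needs keystoreType="PKCS12"' % (port, ks))
    return findings

if __name__ == "__main__":
    for line in check_server_xml(SAMPLE_SERVER_XML) or ["no findings"]:
        print(line)
```

Run it against a copy of the real file by passing its text to `check_server_xml`; an empty list means none of these particular problems were found, not that the certificate chain or cipher configuration is correct.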

Rufeng Xu-Fried
Honored Contributor.

Re: How to Configure SSL Support for BPM 9.3 Admin

You need to have a server server with key exportable option enabled

Then convert .crt -> pfx file  -> two PEM files, one cert and one key.

Add the information in the apache config files.

Rufeng

Rufeng Xu-Fried
Honored Contributor.

Re: How to Configure SSL Support for BPM 9.3 Admin

I mean server cert

Rufeng