Configure Micro Focus Connect for SSL/TLS
This topic describes how to configure Micro Focus Connect to be accessible over SSL/TLS.
Basic SSL/TLS
Micro Focus Connect is installed as a web application within an Apache Tomcat web server.
To set up basic SSL/TLS configuration:
- Follow the detailed directions provided by Tomcat: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
- Restart Tomcat.
The server will now support SSL via HTTPS.
When the keystorePass and keyPass parameters are specified in clear text, the Connector specification might look like:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keyAlias="tomcat"
keystoreFile="conf/.ssl/keystore.jks"
keystorePass="password"
keyPass="certpass"/>
The following section explains how to encrypt the keystorePass and keyPass parameters so that they no longer appear in clear text.
Encrypt a password
The Tomcat configuration for SSL/TLS includes a configuration file with a visible password. This section describes how to encrypt the password.
Micro Focus Connect provides a tomcatext.jar file to decrypt the SSL keystore information in the Tomcat configuration file, and a mfcFullRestClient.jar file to encrypt the information.
To encrypt keystorePass and keyPass:
- From the Micro Focus Connect Marketplace page, download the mfcTomcatExt-<version>.jar file.
- Copy the mfcTomcatExt-<version>.jar file to the <application-folder>\Connect\WebServer\lib folder.
- Open a command line, and go to the folder containing the jar.
- Enter:
  java -jar mfcFullRestClient.jar encrypt <clearPass>
  Where <clearPass> is your plain-text password. The resulting output is a 344-character string ending with ==. Repeat this command to generate the encrypted values for both the keystorePass and the keyPass parameters.
- Modify the SSL connector definition to include:
  protocol="com.connect.tomcatext.Http11Nio2Protocol"
- Replace the clear passwords with the encrypted ones. The result should be as follows (using your own encrypted values):
<Connector port="443" protocol="com.connect.tomcatext.Http11Nio2Protocol"
maxHttpHeaderSize="8192" maxThreads="100"
minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
keystoreFile="conf/.ssl/keystore.jks"
keystorePass="saWw9W3BvsBriGp11RYHE09yDMZt97XR/ml+CJg53jaS8ReDtYcVYg5+81xv542Of4ZyAA6dWyPtLWpL5ZFxwLb9x+k3x1DcP+G1CYsTLXLhabOu2KYyhedhiKT/rqjnDncfSfttzj+Hh3kJQyHcsmHIDAlZ6Q/rLhHloGyU1I4s83M/yds5DG10aTaE1S6J0YmmgoSCLEqOBzucJfPQQoC636KMeQJA2PkeIAJulNF1WSY3PAS/QHsnAXAEHiZ4D5J43kYaGW8/rTcLcKTQZeCfdjIcm3rc78FbsDPuUj7HrE3hdZzad1uxWnjw5aU7kpll/0qWOWnjNUfXizKMUA=="
keyPass="uuIo4XpdJEvTDgYsOOVeIipuJTi0mTmRByNZqJkxgTGBJZ1k2y7WqfLsjF7Jute09OdVuQ9SvyXd1xEofHtnASPsg/W36uIW3ShWaz7p2V5nmO26xol2x9/QAKB3gahD9nA/5nPiVYmhZskVnm0mzPzHlV4nyNLfpH0FN/0PY7tB8XG8GTlpRgvGd7GyMux+rY12kqEWdvYTESaqi6kvyboF4ZgEbjMpG6NYsuWbHbX++GTRGVYp+qch4gfiN3aq1OhKkag+OaRjrkRBoqgN9sfIy3TS7IZSCD3r2dDby822I5gx+f5dfk4qTZmK0JsOekTPkoAbozVitQuhbrl3MQ=="/>
- Restart Tomcat.
The passwords will be encrypted in the server.xml file.
Enhanced SSL/TLS
Micro Focus Connect users can increase the default maximum allocated memory on Linux deployments.
To set up enhanced SSL/TLS configuration on Linux:
- Locate setenv.sh in the /MicroFocusConnect/WebServer/bin directory.
- Open the file and in the JAVA_OPTS parameters, modify the value for -Xmx.
- Restart the Micro Focus Connect service.