Configure Micro Focus Connect for SSL/TLS

This topic describes how to configure Micro Focus Connect to be accessible over SSL/TLS.

Basic SSL/TLS

Micro Focus Connect is installed as a web application within an Apache Tomcat web server.

To set up basic SSL/TLS configuration:

  1. Follow the steps as per the Apache Tomcat 9 documentation for SSL/TLS.

  2. Restart Tomcat. The server now supports SSL via HTTPS.

The following is an example of a connector specification when you specify the keystorePass and keyPass parameters in clear text:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"

minSpareThreads="25" maxSpareThreads="75"

enableLookups="false" disableUploadTimeout="true"

acceptCount="100" scheme="https" secure="true"

SSLEnabled="true" clientAuth="false"

sslProtocol="TLS" keyAlias="tomcat"

keystoreFile="conf/.ssl/keystore.jks"

keystorePass="password"

keyPass="certpass"/>

For information on how to decrypt the keystorePass and keyPass parameters, see below.

Back to top

Encrypt a password

The Tomcat configuration for SSL/TLS includes a configuration file with a visible password. This section describes how to encrypt the password.

Micro Focus Connect provides the mfcTomcatExt.jar script to decrypt the SSL keystore information in the Tomcat configuration file, and a mfcFullRestClient.jar file to encrypt the information.

To encrypt the keystorePass and the keyPass parameters:

  1. Open mfcEncryptPassword.bat (Windows) or mfcEncryptPassword.sh (Linux) in the utilities folder and make the following changes for your server instance:

    set USER=Administrator
    set PASSWORD= <password>
    set HOST=localhost
    set PORT= <port number of the connect service e.g. 8081>
    set CLEAR_PASSWORD=<clearTextPassword>

    HOST and PORT are the host and port of the Micro Focus Connect service, usually localhost and 8081. The USER and PASSWORD are the administrator credentials for logging into Micro Focus Connect. CLEAR_PASSWORD is the password to encrypt for the key store.

  2. Verify that the Micro Focus Connect Service is running.

  3. Navigate to the utilities folder and run a command prompt as an administrator.

  4. Run the mfcEncryptPassword.bat|sh file twice to generate the encrypted vales for both the keystorePass and the keyPass parameters.

  5. Copy mfcTomcatExt.jar from Connect\Utilities to Connect\WebServer\lib.

  6. Modify the SSL connector definition to include:

    protocol="com.connect.tomcatext.Http11Nio2Protocol"

  7. Replace the clear passwords with the encrypted ones. The result should be as follows (using your own encrypted values):

    <Connector port="443" protocol="com.connect.tomcatext.Http11Nio2Protocol"

    maxHttpHeaderSize="8192" maxThreads="100"

    minSpareThreads="25" maxSpareThreads="75" enableLookups="false"

    disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"

    SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"

    keystoreFile="conf/.ssl/keystore.jks"

    keystorePass="saWw9W3BvsBriGp11RYHE09yDMZt97XR/ml+CJg53jaS8ReDtYcVYg5+81xv542Of4ZyAA6dWyPtLWpL5ZFxwLb9x+k3x1DcP+G1CYsTLXLhabOu2KYyhedhiKT/rqjnDncfSfttzj+Hh3kJQyHcsmHIDAlZ6Q/rLhHloGyU1I4s83M/yds5DG10aTaE1S6J0YmmgoSCLEqOBzucJfPQQoC636KMeQJA2PkeIAJulNF1WSY3PAS/QHsnAXAEHiZ4D5J43kYaGW8/rTcLcKTQZeCfdjIcm3rc78FbsDPuUj7HrE3hdZzad1uxWnjw5aU7kpll/0qWOWnjNUfXizKMUA=="

    keyPass="uuIo4XpdJEvTDgYsOOVeIipuJTi0mTmRByNZqJkxgTGBJZ1k2y7WqfLsjF7Jute09OdVuQ9SvyXd1xEofHtnASPsg/W36uIW3ShWaz7p2V5nmO26xol2x9/QAKB3gahD9nA/5nPiVYmhZskVnm0mzPzHlV4nyNLfpH0FN/0PY7tB8XG8GTlpRgvGd7GyMux+rY12kqEWdvYTESaqi6kvyboF4ZgEbjMpG6NYsuWbHbX++GTRGVYp+qch4gfiN3aq1OhKkag+OaRjrkRBoqgN9sfIy3TS7IZSCD3r2dDby822I5gx+f5dfk4qTZmK0JsOekTPkoAbozVitQuhbrl3MQ=="/>

  8. Restart Tomcat.

    The passwords are now encrypted in the server.xml file.

Back to top

Next steps: