We would like to change our existing web url to BI and the CMC from http to https.
In reviewing the documentation from Tomcat and SAP, just a few questions…

1. Does the CA certificate replace the generated keystore file?
2. Do you comment out the Connector port 8080 portion in the server.xml file?
3. We use AD authentication and SSO, in the server.xml file under Connector port 8080 we added maxHttpHeaderSize=“65536”; do we add that to Connector port 8443?
4. There is a redirect port in connector port 8080, does that need to be added to connector port 8443, what port should it be?

Tomcat version 9

thx

patw

No, the certificate and the keystore file server different purposes. You will need both.

Not necessarily. You can, but if it has the redirect to port 8443 in, it will redirect traffic to that port. You can test this my going to your http URL and seeing that it changes to https.

Yes, you will need to add the maxHttpHeaderSize=“65536” to the connector port 8443

You don’t need a redirect port for the connector port 8443 section.

Thank you @JohnBClark . We updated the server.xml using KBA 1648573 as a guide and restarted Tomcat. Unfortunately, not working. Message in MS Edge…

Hmmm, can’t reach this page

refused to connect.

url is https://:8443/BOE/BI

patw

The url should just be https://BOE/BI or … CMC , don’t need the 8443 and the extra you have in your example. I make my own keystone, from keytool and our primary, int, server certs - did you do that, add that to your server. XML?

Good luck,
B

Sorry, there is no server in that - https://yourserver/BOE/BI

Brent

Thank you @bdouglas, and all.

We changed the connector we were using in server.xml and used protocol “org.apache.coyote.http11.Http11AprProtocol” and specified cert, key and chain files.
Since our deployment is in AWS, when accessing the Launchpad and CMC we also changed to use the FQN in the url.
Success.

patw