Tech Tip: Increasing Success when Configuring TLS/SSL on CA Performance Center (CAPC)

Document created by kk_sup Employee on Jun 21, 2016Last modified by SamCreek on Dec 17, 2016
Version 4Show Document
  • View in full screen mode

When configuring TLS/SSL on CAPC, there are two main areas where people run into difficulty:


1) Configuration changes to the necessary files/sso settings


2) Problems with certificates (incorrect files, not all the correct files, etc.)


It can help to first get up and running on self signed certificates. This way we can tell that the certificates are OK,

and any problems point to a configuration issue.


When configuring CAPC to use self signed certificates:


1) Use the same keystore/private key passwords you would use when converting the self signed certificate to signed or installing a provided key/certificate.


2) After getting up and running on the self signed certificates:


a) Back up the /opt/CA/PerformanceCenter/jetty/etc/keystore file

b) Back up the /opt/CA/jre/lib/security/cacerts file.


            If issue occur when changing to the signed certificates,  if you have not changed any of the files that contain the
             keystore/private key passwords all you would need to do is restore these files and restart the CAPC services to
             restore service.


Then after confirming that CAPC is running on Self Signed certificates, then convert the self signed certificate to signed or install a provided key/certificate. After installing the new certificates, restart he CAPC services.

1 person found this helpful