Modifying Cisco DCNM Web Client to Use SSL

Stop Cisco DCNM Web Client if you have already launched it. If you have installed the Cisco DCNM Web Client on Windows, you can stop the service using Windows Services under Administrative Tools.

Use a text editor to open \jboss-4.2.2.GA\server\fm\deploy\jboss-web.deployer\server.xml from the directory where DCNM Web Client is installed. You see the following lines in the beginning after some copyright information:

    <Connector className="org.apache.catalina.connector.http.HttpConnector" 
               port="80" minProcessors="5" maxProcessors="75" 
               enableLookups="false" redirectPort="8443" 
               acceptCount="10" debug="0" connectionTimeout="60000"/> 
    <!-- Define an SSL HTTP/1.1 Connector on port 8443 --> 
    <!-- 
    <Connector className="org.apache.catalina.connector.http.HttpConnector" 
               port="8443" minProcessors="5" maxProcessors="75" 
               enableLookups="true" 
               acceptCount="10" debug="0" scheme="https" secure="true"> 
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory" 
               clientAuth="false" protocol="TLS"/> 
    </Connector> 
    -->

Comment the first <Connector> element and uncomment the second one. Note that the port changes from 8443 to 443 and keystore and keypass are added. Your file should look like the following example:

<!-- A HTTP/1.1 Connector on port 8080  
      <Connector port="80"  
         maxThreads="250" protocol="HTTP/1.1" strategy="ms" maxHttpHeaderSize="8192" 
         emptySessionPath="true" 
         server="Apache"  
         enableLookups="false" redirectPort="8443" acceptCount="100" 
         connectionTimeout="20000" disableUploadTimeout="true" allowTrace="false"/> 
 
      --> 
 
      <!-- Add this option to the connector to avoid problems with  
          .NET clients that don't implement HTTP/1.1 correctly  
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$" 
      --> 
                 
      <!-- A AJP 1.3 Connector on port 9009 --> 
      <Connector port="9009"  
         emptySessionPath="true" enableLookups="false" redirectPort="8443"  
         protocol="AJP/1.3"/> 
 
      <!-- SSL/TLS Connector configuration using the admin devl guide keystore  --> 
      <Connector port="443"  
               protocol="HTTP/1.1" SSLEnabled="true" 
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" 
           emptySessionPath="true" 
                     server="Apache"  
           scheme="https" secure="true" clientAuth="false" sslProtocol = "TLS"  
           securityDomain="java:/jaas/encrypt-keystore-password" 
           SSLImplementation="org.jboss.net.ssl.JBossImplementation" allowTrace="false"/>

Save this file.

Create a keyword password from the command line by navigating to C:\Program Files\Cisco Systems\dcm\fm\bin, entering Encrypter.bat ssl, and then entering changeit as the password.

Restart Cisco DCNM Web Client.

Note If you restart Cisco DCNM-SAN Server with SSL enabled, you must restart Cisco DCNM Web Client. If you want to stop and restart Cisco DCNM-SAN Server with SSL disabled, you must restart Cisco DCNM Web Client.