Administering : Security considerations for Focal Point : Enabling HTTPS
  
Enabling HTTPS
Installation packages for Focal Point 7.0 and later include a version of Apache Tomcat server. When the application server is installed, HTTPS is enabled by using a self-signed certificate. If you are installing Focal Point on a separate Tomcat server, or you want to enable HTTPS by securing an SSL certificate, then you can make the following changes.
Note If you are using Websphere Application Server, do not follow the procedure outlined in this topic. Instead, follow the proprietary steps supported by Websphere Application Server.
Procedure
1 For the system where Focal Point is installed, purchase an SSL certificate and key from an SSL certificate provider (or generate a free certificate and key by using the key generator tool provided by Sun Java).
2 Go to tomcat-install\conf (where tomcat-install is your Tomcat installation folder) and open the server.xml file.
3 Edit the connector that is defined for SSL and make sure that it is uncommented.
Tip: To locate the connector for SSL, search for: Define a SSL
Connector port="9443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true" clientAuth="false"
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
4 Add the following lines to the connector section:
keystoreFile="keystore"
keystorePass="password"
where keystore is the full path and file name of the keystore file and password is the password for the keystore.
5 To change the TLS version, change the sslEnabledProtocols property.
6 Save the server.xml file.
7 Restart the Apache Tomcat server.
8 Open Focal Point by using the following URL:
https://ipaddress:9443/fp/servlet/Login
A warning message is displayed if you are using a self-signed certificate.
Result
A lock image that is displayed in the lower right corner of the web browser indicates that HTTPS is enabled.
Go up to
Security considerations for Focal Point