Tomcat (Linux)

Prerequisites

  • SFTP is used for the push operations. Ensure that the SFTP port is open to upload or push the certificate to the target machine.

Adding an Application Connector for Tomcat (Linux)

  1. On the certificate holistic view, click Add Connector.
  2. Enter/Select the General Information for the connector.
    Table 1. Field descriptions for the connector General Information
    Field Description
    *Category From the dropdown list, select Server.

    If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the category selected at the time of certificate enrollment.

    *Vendor From the dropdown list, select Tomcat.

    If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the vendor selected at the time of certificate enrollment.

    *Connector Name Enter a name for this connector, to be able to identify it later.
    Tip: AppViewX recommends naming connectors according to use cases so they are easily distinguishable.
    Description Enter any additional details you want to record for this connector.
    Based on the information entered here, the Server selection section is populated with the list of available Tomcat devices already onboarded in AppViewX.
  3. To select the device(s) to which the certificate will be pushed, under Server selection, from the list of Available Devices, click .
    The Selected devices list is updated automatically.
  4. Enter/Select the Certificate Details.
    Table 2. Field descriptions for the Certificate Details
    Field Description
    Use Existing Configuration If the Use Existing Configuration option is enabled, the existing server.xml file is used to create the application connector.

    If this option is disabled, the server configuration XML file will be overwritten with the values specified in the fields below (displayed only if this option is disabled).

    *Certificate Type This field is displayed when Use Existing Configuration is not selected.

    From the dropdown list, select the file type of the certificate to be pushed.

    *Certificate Location This field is displayed when Use Existing Configuration is not selected and when Certificate Type = PEM (*.crt)/PEM (*.cer)/PEM (*.pem).

    This field is displayed when Use Existing Configuration is disabled.

    *Key Location This field is displayed when Use Existing Configuration is not selected and when Certificate Type = PEM (*.crt)/PEM (*.cer)/PEM (*.pem).

    The private key associated with a certificate is stored in a key file.

    In this field, enter the path to the location on your local system where the private key file for the certificate to be pushed is stored.

    *KeyStore Location This field is displayed when Use Existing Configuration is not selected and when Certificate Type = JKS (*.jks)/Default JKS (*.jks).

    For JKS certificates, a keystore is a repository used for storing private keys and certificates.

    In the KeyStore Location field, enter the path to the location on your local system where the JKS keystore file, for the certificate to be pushed, is stored.

    *Password This field is displayed when Use Existing Configuration is not selected and when Certificate Type = JKS (*.jks)/Default JKS (*.jks).

    Enter the password required to access the keystore file for the JKS certificate to be pushed.

    Alias Name This field is displayed when Use Existing Configuration is not selected and when Certificate Type = JKS (*.jks)/Default JKS (*.jks).

    Enter the certificate alias assigned in the CSR generated for requesting/enrolling the certificate.

    Private Key in Device If the private key associated with the certificate being pushed has been stored on a hardware device, select this checkbox.
    Service Restart To restart the Tomcat service immediately after the certificate is pushed, enable this checkbox.
    Push Root and Intermediate Certificates This field is displayed when Use Existing Configuration is not selected.

    To push the root and intermediate certificates, along with the end certificate, select this checkbox.

    *Root Location This field is displayed when Use Existing Configuration is not selected, when Push Root and Intermediate Certificates is enabled, and when Certificate Type = PEM (*.crt)/PEM (*.cer)/PEM (*.pem).

    Enter the path to the location on your local system where the root certificate file is stored.

    *Intermediate Location This field is displayed when Use Existing Configuration is not selected, when Push Root and Intermediate Certificates is enabled, and when Certificate Type = PEM (*.crt)/PEM (*.cer)/PEM (*.pem).

    Enter the path to the location on your local system where the intermediate certificate file is stored.

    *Truststore Location This field is displayed when Use Existing Configuration is not selected, when Push Root and Intermediate Certificates is enabled, and when Certificate Type = JKS (*.jks).

    For JKS certificates, the root and intermediate certificates are stored in a truststore file.

    In the Truststore Location field, enter the path to the location on your local system where the truststore file, for the JKS certificate to be pushed, is stored.

    *Truststore Password This field is displayed when Use Existing Configuration is not selected, when Push Root and Intermediate Certificates is enabled, and when Certificate Type = JKS (*.jks).

    Enter the password required to access the truststore file for the JKS certificate to be pushed.

    *Truststore File Name This field is displayed when Use Existing Configuration is not selected, when Push Root and Intermediate Certificates is enabled, and when Certificate Type = Default JKS (*.jks).

    Enter the name of the truststore file for the JKS certificate to be pushed.

  5. Enter/select the Push Details.
    Table 3. Field descriptions for the Push Details
    Field Description
    *Script Location Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system.

    The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script.

    From the following options, select the location of the script file(s):

    • In AppViewX
    • In Device
    Pre - Push Script File Name Enter the file name of the pre-push script.
    Important: Read the pre-push and post-push script usage instructions here.
    Pre - Push Script File Path This field is displayed when Script Location = In Device.
    Enter the location on your local system where the pre-push script file is stored.
    Important: Read the pre-push and post-push script usage instructions here.
    Post - Push Script File Name Enter the file name of the post-push script.
    Important: Read the pre-push and post-push script usage instructions here.
    Post - Push Script File Path This field is displayed when Script Location = In Device.
    Enter the location on your local system where the post-push script file is stored.
    Important: Read the pre-push and post-push script usage instructions here.
    Overwrite The Overwrite option is used to specify if existing certificates on the target system will be overwritten with the certificate being pushed.

    If this option is enabled, the certificate being pushed will overwrite any existing certificates with the same identifier on the target system. This will also ensure that only the latest version of the certificate is available on the target system.

    If it is disabled, the push operation will fail in the event of conflicts with the certificates on the target system.

    Push Automatically To automatically push the certificate after it is renewed/reissued to the target system, enable this checkbox.
    Secure Push The Secure Push option ensures that the certificate is pushed to the target system securely, protected from any unauthorized access.
  6. Click Save.
    The connector is displayed on the certificate holistic view.
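
Disabling Use Existing Configuration in step 4 overwrites server.xml, so it helps to record what the current file references before the push and to re-check it afterwards. The following is an added example, not AppViewX or Tomcat project code: it lists the keystore, key, certificate and truststore paths of each TLS-enabled Connector, names any password attributes stored inline, and flags key or keystore files readable by group or others. The sample server.xml and its paths are constructed.

```python
import os
import stat
import xml.etree.ElementTree as ET

# (record field, Tomcat attribute) pairs: legacy Connector attributes and the
# SSLHostConfig/Certificate attributes that replaced them.
FIELDS = [("keystore", "keystoreFile"), ("keystore", "certificateKeystoreFile"),
          ("alias", "keyAlias"), ("alias", "certificateKeyAlias"),
          ("truststore", "truststoreFile"), ("cert", "certificateFile"),
          ("key", "certificateKeyFile"), ("chain", "certificateChainFile")]
PASSWORDS = ("keystorePass", "truststorePass", "certificateKeystorePassword",
             "certificateKeyPassword", "truststorePassword")

# Constructed sample, not taken from a real server.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" keyAlias="app"
             keystoreFile="/opt/tomcat/conf/app.jks" keystorePass="changeit"/>
  <Connector port="9443" SSLEnabled="true">
    <SSLHostConfig truststoreFile="/opt/tomcat/conf/trust.jks">
      <Certificate certificateFile="/opt/tomcat/conf/app.crt"
                   certificateKeyFile="/opt/tomcat/conf/app.key"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def tls_material(server_xml):
    """Return one record per TLS-enabled Connector in a server.xml document."""
    records = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to record
        rec = {"port": conn.get("port"), "inline_passwords": []}
        for node in [conn, *conn.iter("SSLHostConfig"), *conn.iter("Certificate")]:
            for field, attr in FIELDS:
                if node.get(attr):
                    rec.setdefault(field, []).append(node.get(attr))
            rec["inline_passwords"] += [a for a in PASSWORDS if node.get(a)]
        records.append(rec)
    return records

def loose_files(record):
    """Existing key/keystore paths readable by group or others (paths used as written)."""
    paths = record.get("key", []) + record.get("keystore", [])
    mask = stat.S_IRGRP | stat.S_IROTH
    return [p for p in paths if os.path.isfile(p) and os.stat(p).st_mode & mask]

if __name__ == "__main__":
    for rec in tls_material(SAMPLE):
        print(rec, "loose:", loose_files(rec))
```

Run it against the real server.xml on the Tomcat host; relative paths in that file are resolved by Tomcat against its own base directory and need to be expanded before the permission check is meaningful.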