Tomcat (Windows)
- On the certificate holistic view, click Add Connector.
- Enter the General Information for the connector.
  Table 1. Field descriptions for the connector General Information
  Field | Description
  *Category | From the dropdown list, select Server. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the category selected at the time of certificate enrollment.
  *Vendor | From the dropdown list, select Windows Tomcat. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the vendor selected at the time of certificate enrollment.
  *Connector Name | Enter a name for this connector, to be able to identify it later. Tip: AppViewX recommends naming connectors according to use cases so they are easily distinguishable.
  Description | Enter any additional details you want to record for this connector.
  Based on the information entered here, the Server selection section is populated with the list of available Windows Tomcat devices already onboarded in AppViewX.
- To select the device(s) to which the certificate will be pushed, in the Server selection section, from the dropdown list in Available Devices, select one of the following:
  - Tomcat: This selection displays device profiles for Tomcat. The server.xml files are updated based on the profile and the inputs selected/entered in the rest of the fields.
    The profile names use the following naming convention: WIN_DEVICE :: Tomcat: 8443 : localhost:localhost
  - Default: This selection displays the push-only profiles. The bind operation is not supported.
    The profile names use the following naming convention: WIN_DEVICE :: Default:
  - ADManager: This selection displays device profiles for ADManager. The server.xml files are updated based on the profile and the inputs selected/entered in the rest of the fields.
    The profile names use the following naming convention: WIN_DEVICE :: ADManager: 8443 : localhost:localhost
  - ADSelfService: This selection displays device profiles for ADSelfService. The server.xml files are updated based on the profile and the inputs selected/entered in the rest of the fields.
    The profile names use the following naming convention: WIN_DEVICE :: ADSelfService: 8443 : localhost:localhost
  Profiles are displayed based on the selection made. The Selected devices list is updated automatically.
- From the profiles displayed, to select the required profiles, click .
  The Selected devices list is updated automatically.
- Enter the Certificate Details.
  Table 2. Field descriptions for the Certificate Details
  Field | Description
  Use Existing Configuration | If the Use Existing Configuration option is enabled, the existing server.xml file is used to create the application connector. If this option is disabled, the server configuration XML file will be overwritten with the values specified in the fields below (displayed only if this option is disabled).
  *Certificate Type | From the dropdown list, select the file type of the certificate to be pushed.
  *Certificate directory | Enter the path to the location on your local system where the certificate file (to be pushed to the server) is stored.
  *Certificate File Name | Enter the file name of the certificate to be pushed. The file extension is auto-populated based on the Certificate Type selected.
  *Key directory | The private key associated with a certificate is stored in a key file. In the Key directory field, enter the path to the location on your local system where the private key file for the certificate to be pushed is stored.
  *Key File Name | Enter the name of the file that contains the private key associated with the certificate to be pushed. The file extension .key is automatically populated.
  *KeyStore Location | This field is displayed when Certificate Type = Default JKS (*.jks)/PKCS#12 (*.p12)/PKCS#12 (*.pfx). For JKS certificates, a keystore is a repository used for storing private keys and certificates. In the KeyStore Location field, enter the path to the location on your local system where the JKS keystore file, for the certificate to be pushed, is stored.
  *KeyStore File Name | This field is displayed when Certificate Type = Default JKS (*.jks). Enter the file name of the keystore file that contains the private keys and the associated certificates. The extension .key is automatically populated.
  *Password | This field is displayed when Certificate Type = Default JKS (*.jks)/PKCS#12 (*.p12)/PKCS#12 (*.pfx). Enter the password required to access the keystore file for the JKS certificate to be pushed.
  Alias Name | This field is displayed when Certificate Type = Default JKS (*.jks)/PKCS#12 (*.p12)/PKCS#12 (*.pfx). Enter the certificate alias assigned in the CSR generated for requesting/enrolling the certificate.
  Service Restart | To restart the Windows Tomcat service immediately after the certificate is pushed, enable this checkbox.
  Private Key in Device | If the private key associated with the certificate being pushed has been stored on a hardware device, select this checkbox.
  Push Root and Intermediate Certificates | To push the root and intermediate certificates, along with the end certificates, select this checkbox.
  *CA File Name | This field is displayed when Push Root and Intermediate Certificates is enabled. Enter the file name of the root certificate.
  Intermediate File or Bundle Name | This field is displayed when Push Root and Intermediate Certificates is enabled. Enter the file name of the intermediate certificate.
  *Truststore Location | This field is displayed when Certificate Type = JKS (*.jks) and Push Root and Intermediate Certificates is enabled. For JKS certificates, the root and intermediate certificates are stored in a truststore file. In the Truststore Location field, enter the path to the location on your local system where the truststore file, for the JKS certificate to be pushed, is stored.
  *Truststore Password | This field is displayed when Certificate Type = JKS (*.jks) and Push Root and Intermediate Certificates is enabled. Enter the password required to access the truststore file for the JKS certificate to be pushed.
  *Truststore File Name | This field is displayed when Certificate Type = Default JKS (*.jks) and Push Root and Intermediate Certificates is enabled. Enter the name of the truststore file for the JKS certificate to be pushed.
- Enter the Push Details.
  Table 3. Field descriptions for the Push Details
  Field | Description
  *Script Location | Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system. The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script. From the following options, select the location of the script file(s): In AppViewX, In Device.
  Pre - Push Script File Name | Enter the file name of the pre-push script. Important: Read the pre and push script usage instructions here.
  Pre - Push Script File Path | This field is displayed when Script Location = In Device. Enter the location on your local system where the pre-push script file is stored. Important: Read the pre and push script usage instructions here.
  Post - Push Script File Name | Enter the file name of the post push script. Important: Read the pre and push script usage instructions here.
  Post - Push Script File Path | This field is displayed when Script Location = In Device. Enter the location on your local system where the post-push script file is stored. Important: Read the pre and push script usage instructions here.
  Push Automatically | To automatically push the certificate after it is renewed/reissued to the target system, enable this checkbox. Note: The auto push feature for a certificate works only if enabled for the certificate application connector as well as the associated certificate group. To enable this feature at the certificate group level, refer to the instructions here.
- Click Save.
  The connector is displayed on the certificate holistic view.
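Added example (not AppViewX code): because disabling Use Existing Configuration overwrites server.xml, it is worth recording which TLS connectors the current file defines before the push. The sketch below parses a constructed server.xml and lists port, keystore, type, alias and truststore for each SSL-enabled Connector, covering both Tomcat's legacy Connector attributes and the nested SSLHostConfig/Certificate form. The sample XML, its paths and the function name tls_connectors are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real host): a plain HTTP connector, a TLS
# connector using legacy attributes, and one using SSLHostConfig/Certificate.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:/tomcat/conf/old.jks" keystorePass="example-only"
               keyAlias="tomcat"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig truststoreFile="C:/tomcat/conf/trust.jks">
        <Certificate certificateKeystoreFile="C:/tomcat/conf/site.p12"
                     certificateKeystoreType="PKCS12" certificateKeyAlias="site"
                     certificateKeystorePassword="example-only"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>"""


def tls_connectors(server_xml):
    """Return one record per certificate binding on SSL-enabled connectors."""
    records = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, no certificate bound
        port = int(conn.get("port", "0"))
        if conn.get("keystoreFile"):  # legacy attributes on <Connector>
            records.append({
                "port": port, "form": "legacy",
                "keystore": conn.get("keystoreFile"),
                "type": conn.get("keystoreType", "JKS"),  # Tomcat default
                "alias": conn.get("keyAlias"),
                "truststore": conn.get("truststoreFile"),
                # True when the keystore password sits in server.xml itself
                "password_in_file": "keystorePass" in conn.attrib,
            })
        for host in conn.iter("SSLHostConfig"):
            for cert in host.iter("Certificate"):
                records.append({
                    "port": port, "form": "SSLHostConfig",
                    "keystore": cert.get("certificateKeystoreFile"),
                    "type": cert.get("certificateKeystoreType", "JKS"),
                    "alias": cert.get("certificateKeyAlias"),
                    "truststore": host.get("truststoreFile"),
                    "password_in_file": "certificateKeystorePassword" in cert.attrib,
                })
    return records
```

Comparing this inventory with the values entered in Certificate Details shows which keystore path, alias and truststore an overwrite would replace, and whether a keystore password is stored in the file.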
What's Next
- To push a server certificate to a device, see Pushing a Server Certificate to a Device.
