These instructions show you how to convert Automate Schedule to run in secure sockets layer (SSL) mode. Additional information is available on the Apache Tomcat website.
If you wish to use trusted certificate authority (CA) certificates, go to a CA website for information on generating the correct keys for a Tomcat server.
Note: Skybot Scheduler has been renamed to Automate Schedule and is now part of the Automate suite of products. The existing Skybot Scheduler features and functionality are the same; only the product name has changed.
Generating a Self-Signed Certificate
You must first generate or obtain a .keystore file and note the password.
- The JAVA_HOME environment variable must be set to the location of a valid JVM. Then, issue one of the following commands from a command prompt:
%JAVA_HOME%\bin\keytool -keysize 2048 -genkey -alias automateschedule -keyalg RSA -keystore automateschedule.keystore
$JAVA_HOME/bin/keytool -keysize 2048 -genkey -alias automateschedule -keyalg RSA -keystore automateschedule.keystore
- After creating a password, you will be asked for additional information. This information is not required. Press Enter to skip these questions.
- Remember the password you entered while generating the key.
- The resulting automateschedule.keystore file is located in your working directory.
Enabling the Certificate
- End the Automate Schedule server.
- Copy the automateschedule.keystore file into the ...\Help Systems\Automate Schedule(*server on Linux)\conf folder.
- Edit the server.xml file in the conf folder as follows:
- Change the following settings in the Connector for protocol="HTTP/1.1":
- port="8008" to "8443"
- protocol="HTTP/1.1" to "org.apache.coyote.http11.Http11NioProtocol"
- SSLEnabled="false" to "true"
- scheme="http" to "https"
- secure="false" to "true"
- keystoreFile="conf/.keystore" to "conf/automateschedule.keystore"
- keystorePass="robotMP" to "[password you created with the automateschedule.keystore]"
- remove sslprotocol="TLS"
- add sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
- add ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
- Change the redirectPort="8008" to "8443" in the Connector for protocol="AJP/1.3".
- Save your changes to server.xml.
- Start the Automate Schedule server.
After You Are Done
Change your browser links to use https (vs. http) and the correct port (8443):
where xxx.xxx.xxx.xxx is the IP address of your enterprise server.