Description

In a default installation, Veritas Desktop and Laptop Option (DLO) uses Self-Signed certificates to communicate between DLO and Dedupe(Tomcat) components, but if a Certificate Authority (CA) issued certificate is needed instead to be used by the Dedupe Server communications, the steps below explain how to do this;

1. Create a folder called SSL under "C:\Program Files\Veritas\Veritas DLO\Dedupe\Tomcat\conf\" and copy the CA issued .crt and its associated .key file into that

2. Take a backup copy of the server.xml file, present in "C:\Program Files\Veritas\Veritas DLO\Dedupe\Tomcat\conf"

3. Edit the server.xml file by replacing the HTTPS connector settings present under the section “JSSE style configuration is used below", with the connector information below:

maxThreads="150" SSLEnabled="true">


CertificateKeyFile="conf\SSL\private.key"
CertificateKeyPassword = "password"
type="RSA" />

In the above connector settings, replace the .crt and .key file names mentioned against “SSLCertificateFile” and “SSLCertificateKeyFile”, with the appropriate file names, as present in  “C:\Program Files\Veritas\Veritas DLO\Dedupe\Tomcat\conf\SSL”
Also, in “certificateKeyPassword”, enter the correct password of the .key file.

4. Restart the “Mindtree StoreSmart Dedupe Server” service.

5. In a Web Browser, check the Dedupe server accesses correctly, by going to the URL https://:8443 and check the certificate info. This should match the certificate copied into the “C:\Program Files\Veritas\Veritas DLO\Dedupe\Tomcat\conf\SSL” path

Note: The certificate validation is not carried out from DLO client machines, as we do not deploy any Dedupe related certificate on the clients, but the Dedupe requests from the clients will still be sent over HTTPS and will be encrypted.