Steps to configure the Control-M Web Server for https access with Control-M Self Service using SSL Authentication

Use the following steps to enable SSL security authentication between a web browser and the Tomcat Web Server.
These steps are assuming that you are using an SSL certificate from a Certificate Authority(CA) and you are using the Tomcat web server provided with Control-M/Enterprise Manager version 7.0.00.

1. Creating a certificate keystore with the following command. Please set a customize password and save it somewhere. You will need to use the password later on to configure the web server server.xml file. Enter the accurate information when prompted and press ENTER for the certificate password to set the same certificate password as keystore.(Note: You might want to use the company's domain name under the NAME field. eg: www.bmc.com)

Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
-keystore tomcat.keystore -storepass <password>

UNIX: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore
tomcat.keystore -storepass <password>

Note: The keystore file tomcat.keystore will be created under $JAVA_HOME/bin/ by default if no file path is specified.

2. Create a Certificate Signing Request(CSR) from the keystore generate on step 1. Replace the variable CSR certificate filename.
$JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias tomcat -keystore tomcat.keystore -file <yourcertificatname>.csr

Important:
  Make sure to specify the CN (Common Name) field as the hostname that would be used in the browser url to connect to this server.

3. Send the CSR file to a Certificate Authority(CA) to get the root certificate and new ssl certificate from CA in return.
  Request the CA to specify the Subject Alternative Name field on the certificate, and add to that at least the short hostname and fully qualified domain name of the server. 

4. Import the Root certificate from CA to the keystore. If Intermediate/chain CA certificate is provided by CA, import the intermediate CA certificate instead.
$JAVA_HOME/bin/keytool -import -trustcacerts -alias root -keystore tomcat.keystore -file <path/to/the/CA.cert>

5. Import the new SSL certificate from CA to the keystore.
$JAVA_HOME/bin/keytool -import -alias tomcat -keystore tomcat.keystore -file <path/to/the/ssl_cert.cer>

6. You can confirm the keystore content with the following command.
$JAVA_HOME/bin/keytool -list -v -keystore tomcat.keystore > output_filename

7. Configure Tomcat Web server to use SSL from step 2 onwards on page 43 of the SSL Guide under the section "Configuring Control-M/EM Web Server to work with HTTPS".
Basically, the steps involves changing the server.xml's keystoreFile & keystorePass values to the defined values on step1 under the "Connector Port" section of the file.

8. Restart the Tomcat Web Server.

9. Login to the Self service url with ssl port and "https" prefix to test the SSL connection.

You can refer to the following section of the SSL Guide which explains the above steps.
-Exporting or importing private/public keys
-Configuring Control-M/EM Web Server to work with HTTPS

Please note that the above steps are for enabling SSL between web browser(Self Service Login page) and Tomcat web server.

If you would like to enable SSL between the Tomcat web server and the Control-M/Enterprise Manager GUI Server, please refer to the steps mentioned in the "Configuring Control-M Self Service web component" section of the Control-M SSL Guide.

Additional Information:
Customers viewing this solution may find value in the following self-help Connect with Control-M video.