If this is a NEW install, it is preferable to reinstall AM rather than making lots of configuration changes. This article steps you through an easy process that allows you to start fresh and reconfigure AM for SSL. For existing installations that cannot be reconfigured from scratch, you can enable SSL as described in How do I enable SSL in AM (All versions) for an existing installation?
To enable SSL:
- Stop the web application container in which AM runs.
- Enable SSL on your web application container per your vendor's instructions. Ensure the truststore used by the JVM running AM has the necessary certificates installed. See How do I import a certificate into the truststore used by AM (All versions) for SSL? for further information.
- Take a backup of your configuration data to ensure you have it for reference or in case you want to restore your current configuration. See Maintenance Guide › Backing Up Configurations (AM 7 and later) or How do I make a backup of configuration data in AM 5.x or 6.x?
- Delete the AM configuration files, which are typically under the $HOME directory of the user running the web application container. You can use the following command if you only have one AM instance and your configuration files are under $HOME: $ rm -rf $HOME/openam $HOME/.openamcfgThis command also deletes the embedded directory server and all of its contents if you are using the internal AM configuration store.
- Delete the entries under the configured AM suffix (by default dc=openam,dc=forgerock,dc=org) if you use an external configuration store.
- Restart the web application container in which AM runs.
- Navigate to the initial AM configuration page in your browser, for example, http://host1.example.com:8080/openam.
- Reconfigure AM from scratch, ensuring you select the SSL/TLS Enabled option and specify the corresponding port. See Security Guide › Configuring the AM Container for HTTPS Connections for further information.
Once you have enabled SSL in AM, you should include details of the truststore that contains the required certificates in the setup or setup.bat script prior to installing ssoadm and in the ssoadm or ssoadm.bat script once it is installed. This is described in FAQ: Installing and using ssoadm in AM (Q. How do I install the ssoadm administration tool if I am using SSL?).