Difference between revisions of "Managing SSL Certificates"

From AgileApps Support Wiki
imported>Aeric
imported>Aeric
Line 10: Line 10:
:1. Create a keystore and a private key:
:1. Create a keystore and a private key:
::{|  
::{|  
<pre>cd {install_dir}/tomcat/conf/RN
<pre>cd {install_dir}/profiles/LJP/configuration/tomcat/conf/RN
 
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}</pre>
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}</pre>
|}
|}
Line 51: Line 52:


#Add the new certificate to this directory:
#Add the new certificate to this directory:
#:<tt>{install_dir}/tomcat/conf/RN</tt>
#:<tt>{install_dir}/profiles/LJP/configuration/tomcat/conf/RN
</tt>
#Edit <tt>{install_dir}/tomcat/conf/server.xml</tt> file
#Edit <tt>{install_dir}/tomcat/conf/server.xml</tt> file
#Replace the following line:  
#Replace the following line:  

Revision as of 10:18, 7 December 2016

Obtaining an SSL Certificate

The platform provides a default self-signed certificate which is used by the Application Server.

To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser, part of a security protocol to manage secure data exchange.

The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.

To create a Certificate Signing Request (CSR)

1. Create a keystore and a private key:
cd {install_dir}/profiles/LJP/configuration/tomcat/conf/RN

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}
2. Create a CSR from the keystore
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr 
        -keystore {keystore_filename}
3. Submit the resulting file, certreq.csr, to the CA to obtain a certificate.
(When the certificate arrives, you are ready for the next step of steps.)

To Install the Certificate Obtained from the CA

Once you have obtained a certificate, you need to import it into the keystore.

But first, in addition to your certificate, the CA might provide a Chain/Root Certificate, which must also be imported. If you have received a chain certificate from the CA, then:

1. Copy the contents of the chain certificate into a file called chain
2. Import the chain certificate into your keystore:
keytool -import -alias root -keystore {keystore_filename} 
        -trustcacerts -file chain

When the chain certificate (if any) has been imported, you are ready for the final step:

3. Import the certificate received from the CA:
keytool -import -alias tomcat -keystore {keystore_filename} 
        -trustcacerts -file {certificate_filename}

Replacing the Default SSL Certificate

To replace the certificate:

  1. Add the new certificate to this directory:
    {install_dir}/profiles/LJP/configuration/tomcat/conf/RN

  1. Edit {install_dir}/tomcat/conf/server.xml file
  2. Replace the following line:
    keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"
    with:
    keystoreFile="conf/RN/your_certficate_file_name"
    keystorePass="your_password_for_certificate_store"
  3. Save the file
  4. Restart the application server

The Application Server will now use your certificate file for communication over https.

Learn More