By default, Teamwork Cloud, AuthServer, and WebApp use a self-signed certificate that is provided with the build. However, for production environments, it is strongly recommended that you use a certificate signed by trusted certificate authorities (CA). Follow the steps outlined on this page to replace the self-signed certificate with a CA certificate, providing that you already have a private key and a certificate signed by a trusted CA.

Changing the self-signed certificate to a CA certificate

To change the self-signed certificate to a CA certificate


  1. Locate the default keystore file at <install_root>\configuration\keystore.p12.

  2. Update the keystore file with the new private/public key:

    1. Create a PKCS 12 file with the OpenSSL tool:

      openssl pkcs12 -export -name teamworkcloud -in <public_key_name>.crt -inkey <private_key_name>.key -out keystore.p12

      In the example above, teamworkcloud is a sample alias. If you use a different alias, remember to update it in the <install_root>\AuthServer\config\authserver.properties file.

    2. Copy the keystore.p12 file to the <install_root>\configuration directory, replacing the default file with the new one.

  3. Add the public certificate file to the <install_root>\AuthServer\config\truststore directory.

    The public certificate file, or .crt, is the public key from the private/public (.key/.crt) key pair.

  4. Delete the truststore.jks file located at <install_root>\AuthServer\config\truststore.jks.

  5. (Recommended) Secure .key and .p12 files with a password. Make sure to keep the .key file in a safe place.

  6. If you need to switch from IP to FQDN, see how to change server or service address.

If the default configuration (file names, locations, passwords, aliases, etc.) is not changed, no additional steps are necessary. However, if you are changing the default configuration, then you also need to update the relevant properties in the corresponding files, as described below.

Note for Windows users

Teamwork Cloud

Update the default values for the properties indicated below in the <install_root>\configuration\application.conf file if any of the applicable values were changed.

application.conf
https {
		# the file name of the certificate or the key store (should be a full path)
		file = "AuthServer/config/truststore/teamworkcloud.crt"
} 

You can customize both the name and the path of the teamworkcloud.crt file. However, we recommend using the default file name and path. If necessary, change them after confirming that the initial installation is successful.

application.conf
ssl {
		keystorePath = "configuration/keystore.p12"
		keystoreType = "pkcs12"
		keystorePassword = "nomagic"
		keyPassword = "nomagic"
}
application.conf
cassandra {
		enabled = false
		keystorePath = "configuration/keystore.p12"
		keystoreType = "pkcs12"
		keystorePassword = "nomagic"
		truststorePath = "configuration/keystore.p12"
		truststoreType = "pkcs12"
		truststorePassword = "nomagic"
}

AuthServer

Update the default values for the properties indicated below in the <install_root>\AuthServer\config\authserver.properties file if any of the applicable values were changed.

authserver.properties
server.ssl.key-store=../configuration/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=nomagic
server.ssl.key-password=nomagic
server.ssl.key-alias=teamworkcloud

WebApp

Update the default values for the properties indicated below in the <install_root>\WebAppPlatform\conf\server.xml file if any of the applicable values were changed.

server.xml
<Certificate    certificateKeystoreFile="../configuration/keystore.p12" 
				certificateKeystorePassword="nomagic" 
				type="RSA" 
/>

All 3 services (Teamwork Cloud, Authserver, and Webapp) must be restarted once all of the configuration changes are completed.