...
To list the aliases in the keystore, use the command <path_to_java_bin_directory>/keytool -v -list -keystore <keystorefile>. For this example, the location of my keytool executable is /opt/local/java/jdk1.8.0_192/bin/keytool, and the keystore file is the default keystore.p12. The command is executed from the directory where keystore.p12 is located. When the command runs, you will be prompted for the keystore password. For our self-signed certificate (keystore.p12), it is nomagic.
Code Block |
---|
# /opt/local/java/jdk1.8.0_192/bin/keytool -v -list -keystore keystore.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: teamworkcloud
Creation date: Oct 30, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=10.254.254.56 |
...
For this example, we will assume that our new certificate is named server.p12, the keystore password is "mypassword" and the alias is "myserver", and that we will export the certificate into a file named myserver.crt.
First, copy server.p12 to the <install_directory>/configuration/ directory.
Next, we need to export the certificate so that we can import it into the truststore (<teamwork_cloud_install_directory>/Authserver/config/truststore.jks).
Code Block |
---|
<path_to_keytool>/keytool -export -keystore <teamwork_cloud_install_directory>/configuration/server.p12 -storepass mypassword -alias myserver -file <teamwork_cloud_install_directory>/Authserver/config/truststore/myserver.crt
|
Now we will proceed to edit application.conf.
Code Block |
---|
ssl {
keystorePath = "configuration/server.p12"
keystoreType = "pkcs12"
keystorePassword = "mypassword"
keyPassword = "mypassword"
} |
Code Block |
---|
https {
    # the file name of the certificate or the key store (should be a full path)
    file = "AuthServer/config/truststore/myserver.crt"
    # certificate_mode: "true" if the file is a certificate; "false" if the file is a key store.
    is_certificate_file = true
    # key store password
    password = "mypassword"
} |
Next, we proceed to edit authserver.properties.
Code Block |
---|
server.ssl.key-store=../configuration/server.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=mypassword
server.ssl.key-password=mypassword
server.ssl.key-alias=myserver |
Next, we need to delete the truststore (<teamwork_cloud_install_directory>/Authserver/config/truststore.jks), so that it will be recreated upon restarting authserver.
Finally, we will edit server.xml.
Code Block |
---|
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="../configuration/server.p12"
                     certificateKeystorePassword="mypassword"
                     certificateKeyAlias="myserver"
                     type="RSA" />
    </SSLHostConfig>
</Connector> |
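The steps above enter the same keystore file, password and alias in application.conf, authserver.properties and server.xml, so a missed edit in one file is easy to overlook. The following Python check is an added example, not part of the original page or of Teamwork Cloud; its function names are hypothetical and the sample inputs are constructed from the snippets above.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath
# Constructed sample inputs, reduced from the snippets shown on this page.
APPLICATION_CONF = """ssl {
  keystorePath = "configuration/server.p12"
  keystorePassword = "mypassword"
}"""
AUTHSERVER_PROPERTIES = """server.ssl.key-store=../configuration/server.p12
server.ssl.key-store-password=mypassword
server.ssl.key-alias=myserver"""
SERVER_XML = """<Connector port="8443" SSLEnabled="true"><SSLHostConfig>
  <Certificate certificateKeystoreFile="../configuration/server.p12"
    certificateKeystorePassword="mypassword" certificateKeyAlias="myserver" type="RSA" />
</SSLHostConfig></Connector>"""

def hocon_value(text, key):
    """Read a simple key = "value" line from application.conf."""
    m = re.search(r'^\s*' + re.escape(key) + r'\s*=\s*"([^"]*)"', text, re.M)
    return m.group(1) if m else None

def parse_properties(text):
    """Parse key=value lines, skipping comments and lines without '='."""
    lines = [ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)}

def collect(app_conf, auth_props, server_xml):
    """Return {file: {field: value}}; only the first <Certificate> in server.xml is read."""
    props = parse_properties(auth_props)
    cert = getattr(ET.fromstring(server_xml).find(".//Certificate"), "attrib", {})
    base = lambda p: PurePosixPath(p).name if p else None  # paths are relative to different dirs
    return {
        "application.conf": {"keystore": base(hocon_value(app_conf, "keystorePath")),
                             "password": hocon_value(app_conf, "keystorePassword")},
        "authserver.properties": {"keystore": base(props.get("server.ssl.key-store")),
                                  "password": props.get("server.ssl.key-store-password"),
                                  "alias": props.get("server.ssl.key-alias")},
        "server.xml": {"keystore": base(cert.get("certificateKeystoreFile")),
                       "password": cert.get("certificateKeystorePassword"),
                       "alias": cert.get("certificateKeyAlias")},
    }

def mismatched_fields(settings):
    """Names of fields whose values differ between files (values are never echoed)."""
    fields = sorted({f for s in settings.values() for f in s})
    return [f for f in fields if len({s.get(f) for s in settings.values() if f in s}) > 1]

if __name__ == "__main__":
    print(mismatched_fields(collect(APPLICATION_CONF, AUTHSERVER_PROPERTIES, SERVER_XML)) or "consistent")
```

To run it against a real installation, read the three files from disk and pass their contents to collect(); a setting missing from a file is reported as a mismatch.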
...