Comment: Updated instructions for changing the SSL certificate, due to the requirement that the TWC certificate exist in the truststore

...

To list the aliases, use the command <path_to_java_bin_directory>/keytool -v -list -keystore <keystorefile>. For this example, the location of my keytool executable is /opt/local/java/jdk1.8.0_192/bin/keytool, and the keystore file is the default keystore.p12. The command is executed from the same directory where keystore.p12 is located. When the command is executed, you will be prompted for the keystore password. For our self-signed certificate (keystore.p12), it is nomagic.

Code Block
# <path_to_keytool>/keytool -v -list -keystore keystore.p12
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: teamworkcloud
Creation date: Oct 30, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=10.254.254.56

...

For this example, we will assume that our new certificate is named server.p12, the keystore password is "mypassword" and the alias is "myserver", and that we will export the certificate into a file named myserver.crt.

First, copy it to the <install_directory>/configuration/ directory.

Next, we need to export the certificate so that we can import it into the truststore (<teamwork_cloud_install_directory>/Authserver/config/truststore.jks).

Code Block
<path_to_keytool>/keytool -export -keystore <teamwork_cloud_install_directory>/configuration/server.p12 -storepass mypassword -alias myserver -file <teamwork_cloud_install_directory>/Authserver/config/truststore/myserver.crt

Now we will proceed to edit application.conf.


Code Block
                ssl {
                        keystorePath = "configuration/server.p12"
                        keystoreType = "pkcs12"
                        keystorePassword = "mypassword"
                        keyPassword = "mypassword"
                }


Code Block
                https {

                        # the file name of the certificate or the key store (should be a full path)
                        file = "AuthServer/config/truststore/myserver.crt"

                        # certificate_mode: "true" if the file is a certificate; "false" if the file is a key store.
                        is_certificate_file = true

                        # key store password
                        password = "mypassword"
                }


Next, we proceed to edit authserver.properties.

Code Block
server.ssl.key-store=../configuration/server.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=mypassword
server.ssl.key-password=mypassword
server.ssl.key-alias=myserver

Next, we need to delete the truststore (<teamwork_cloud_install_directory>/Authserver/config/truststore.jks), so that it will be recreated upon restarting authserver.

Finally, we will edit server.xml.

Code Block
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
               maxThreads="150" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="../configuration/server.p12"
                     certificateKeystorePassword="mypassword"
                     certificateKeyAlias="myserver"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>
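
The three files edited above must name the same keystore, password and alias, and the https block must flag the exported .crt as a certificate. The following Python check is an added example, not part of the original page or of Teamwork Cloud; it cross-checks those settings and reports only the names of the ones that disagree. Assumptions: the function names are hypothetical, file contents are passed in as text, the ssl and https blocks contain no nested braces, and the sample inputs are constructed from the values used on this page.

```python
import re
import xml.etree.ElementTree as ET

def conf_value(text, block, key):
    """Value of `key` inside a flat `block { ... }` of application.conf, or None."""
    body = re.search(r"\b%s\s*\{(.*?)\}" % re.escape(block), text, re.S)
    m = body and re.search(r'^\s*%s\s*=\s*"?([^"\n]*?)"?\s*$' % re.escape(key), body.group(1), re.M)
    return m.group(1) if m else None

def props(text):
    """Parse key=value lines of authserver.properties (values stripped for comparison)."""
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def strip_parent(path):
    """Drop leading ../ so paths relative to different directories can be compared."""
    return re.sub(r"^(\.\./)+", "", path) if path else None

def check(app_conf, auth_props, server_xml):
    """Return the names of the settings that disagree; values are never echoed."""
    p = props(auth_props)
    cert = ET.fromstring(server_xml).find(".//SSLHostConfig/Certificate")
    c = cert.attrib if cert is not None else {}
    groups = {
        "keystore path": [strip_parent(conf_value(app_conf, "ssl", "keystorePath")),
                          strip_parent(p.get("server.ssl.key-store")),
                          strip_parent(c.get("certificateKeystoreFile"))],
        "keystore password": [conf_value(app_conf, "ssl", "keystorePassword"),
                              p.get("server.ssl.key-store-password"),
                              c.get("certificateKeystorePassword")],
        "key alias": [p.get("server.ssl.key-alias"), c.get("certificateKeyAlias")],
    }
    problems = [name for name, vals in groups.items() if None in vals or len(set(vals)) != 1]
    cert_file = conf_value(app_conf, "https", "file") or ""
    if cert_file.endswith(".crt") and conf_value(app_conf, "https", "is_certificate_file") != "true":
        problems.append("https.is_certificate_file")
    return problems

# Constructed sample inputs mirroring the snippets on this page.
APP_CONF = ('ssl {\n keystorePath = "configuration/server.p12"\n keystorePassword = "mypassword"\n}\n'
            'https {\n file = "AuthServer/config/truststore/myserver.crt"\n is_certificate_file = true\n}\n')
AUTH_PROPS = ("server.ssl.key-store=../configuration/server.p12\n"
              "server.ssl.key-store-password=mypassword\nserver.ssl.key-alias=myserver\n")
SERVER_XML = ('<Connector><SSLHostConfig><Certificate certificateKeystoreFile="../configuration/server.p12" '
              'certificateKeystorePassword="mypassword" certificateKeyAlias="myserver"/></SSLHostConfig></Connector>')

if __name__ == "__main__":
    print(check(APP_CONF, AUTH_PROPS, SERVER_XML) or "settings agree")
```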

...