Page History

By default, Teamwork Cloud, AuthServer and WebApp use a self-signed certificate that is provided with the build. However, for production environments, it is highly recommended to use a certificate signed by trusted certificate authorities (CA). The steps described on this page should be followed in order to replace the self-signed certificate with a CA certificate, providing that you already have a private key and a certificate signed by a trusted CA.

Changing the self-signed certificate to a CA certificate

To change the self-signed certificate to a CA certificate

1. Update the keystore file with the new private/public key. The default keystore is located at <TWC_installation_directory>\configuration\keystore.p12. To do so, follow the steps:

   1. Create a PKCS 12 file with the OpenSSL tool. 

      Code Block
      openssl pkcs12 -export -in <public_key_name>.crt -inkey <private_key_name>.key -out keystore.p12

   2. Copy the keystore.p12 file to the <TWC_installation_directory>\configuration directory, replacing the default file with the new one.

      Note
      title Note for Windows users
      You can download OpenSSL binaries for Windows operating system from http://gnuwin32.sourceforge.net/packages/openssl.htm. All commands should be run with administrator rights in the directory where the OpenSSL executable resides.

2. Add the public certificate file to the <TWC_installation_directory>\AuthServer\config\truststore directory.

3. Delete the truststore.jks file located at <TWC_installation_directory>\AuthServer\config\truststore.jks.

If the default configuration (file names, locations, passwords, aliases, etc.) is not changed, no additional steps are necessary. If, however, you are changing the default configuration, then you also need to update the relevant properties in the corresponding files, as described below.

Teamwork Cloud

Update the default values for the properties indicated below in the <TWC_installation_directory>\configuration\application.conf file if any of the applicable values were changed.

https {
		# the file name of the certificate or the key store (should be a full path)
		file = "AuthServer/config/truststore/teamworkcloud.crt"
} 

ssl {
		keystorePath = "configuration/keystore.p12"
		keystoreType = "pkcs12"
		keystorePassword = "nomagic"
		keyPassword = "nomagic"
}

cassandra {
		enabled = false
		keystorePath = "configuration/keystore.p12"
		keystoreType = "pkcs12"
		keystorePassword = "nomagic"
		truststorePath = "configuration/keystore.p12"
		truststoreType = "pkcs12"
		truststorePassword = "nomagic"
}

AutherServer

Update the default values for the properties indicated below in the <TWC_installation_directory>\AuthServer\config\authserver.properties file if any of the applicable values were changed.

server.ssl.key-store=../configuration/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=nomagic
server.ssl.key-password=nomagic
server.ssl.key-alias=teamworkcloud

WebApp

Update the default values for the properties indicated below in the <TWC_installation_directory>\WebAppPlatform\conf\server.xml file if any of the applicable values were changed.

<Certificate    certificateKeystoreFile="../configuration/keystore.p12" 
				certificateKeystorePassword="nomagic" 
				type="RSA" 
/>

All 3 services (Teamwork Cloud, Authserver, and Webapp) must be restarted once all of the configuration changes are completed.

Related pages

• Managing HTTPS and SSL on server
• Enabling secure connection between client and server