Warning: Changing the server protocol and server port
Changing the SSL certificate
By default, the Admin console uses a self-signed certificate that is provided with the build. This is the same keystore used by TWCloud and Authserver, and is located in <install_directory>/configuration/keystore.p12.
If a signed certificate is being used to replace the self-signed certificate, we need to update configurations in three files: <installation_directory>/configuration/application.conf, <installation_directory>/AuthServer/config/authserver.properties and <installation_directory>/WebAppPlatform/conf/server.xml.
To list the aliases in the keystore, use the command <path_to_java_bin_directory>/keytool -v -list -keystore <keystorefile>. For this example, the location of my keytool executable is /opt/local/java/jdk1.8.0_192/bin/keytool, and the keystore file is the default keystore.p12. The command is being executed from the same directory where keystore.p12 is located. When the command is executed, you will be prompted for the keystore password. For our self-signed certificate (keystore.p12), it is nomagic.
```
# /opt/local/java/jdk1.8.0_192/bin/keytool -v -list -keystore keystore.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: teamworkcloud
Creation date: Oct 30, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=10.254.254.56
```
You will execute this command on whichever certificate you will be using. In this case, the alias is teamworkcloud and the certificate was generated for an Owner with a common name (CN) of 10.254.254.56, which happens to be a self-signed certificate for a machine with IP 10.254.254.56. Your keystore may contain multiple certificates with different aliases. You will identify the relevant one based on the Owner information. Once we have this information, we can proceed with the configuration.
For this example, we will assume that our new certificate is named server.p12, the keystore password is "mypassword" and the alias is "myserver". First, copy it to the <install_directory>/configuration/ directory.
Now we will proceed to edit application.conf.
```
ssl {
    keystorePath = "configuration/server.p12"
    keystoreType = "pkcs12"
    keystorePassword = "mypassword"
    keyPassword = "mypassword"
}
```

```
https {
    # the file name of the certificate or the key store (should be a full path)
    file = "configuration/server.p12"
    # certificate_mode: "true" if the file is a certificate; "false" if the file is a key store.
    is_certificate_file = false
    # key store password
    password = "mypassword"
}
```
Next, we proceed to edit authserver.properties.
```
server.ssl.key-store=../configuration/server.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=mypassword
server.ssl.key-password=mypassword
server.ssl.key-alias=myserver
```
Finally, we will edit server.xml.
```
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="../configuration/server.p12"
                     certificateKeystorePassword="mypassword"
                     certificateKeyAlias="myserver"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```
Note: Please note the addition of "certificateKeyAlias". This is not always necessary, but we do it for good measure. Tomcat will load the first certificate in the keystore. If there are multiple certificates, the alias is necessary in order to load the correct certificate.
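Because the same keystore is named in four places across the three files, it is easy to leave one of them on the default keystore.p12. The following check is an added example, not part of the original page or the product's tooling: it compares the keystore file name, password and alias across the files using the keys shown above. The function names `collect` and `check`, the simplified regex parsing of application.conf, and the sample strings are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from posixpath import basename

def collect(app_conf, auth_props, server_xml):
    """Return {location: (keystore path, password, alias or None)}."""
    found = {}
    # application.conf names the keystore twice: in ssl {} and in https {}.
    for block, path_key, pw_key in (("ssl", "keystorePath", "keystorePassword"),
                                    ("https", "file", "password")):
        m = re.search(r"^\s*%s\s*\{(.*?)^\s*\}" % block, app_conf, re.S | re.M)
        kv = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', m.group(1) if m else "", re.M))
        found[f"application.conf {block}"] = (kv.get(path_key), kv.get(pw_key), None)
    props = dict(re.findall(r"^[ \t]*([\w.-]+)[ \t]*=[ \t]*(.*?)[ \t]*$", auth_props, re.M))
    found["authserver.properties"] = tuple(props.get("server.ssl." + k) for k in
                                           ("key-store", "key-store-password", "key-alias"))
    for i, cert in enumerate(ET.fromstring(server_xml).iter("Certificate"), 1):
        found[f"server.xml Certificate {i}"] = tuple(cert.get("certificate" + k) for k in
            ("KeystoreFile", "KeystorePassword", "KeyAlias"))
    return found

def check(found, default_keystore="keystore.p12"):
    """List inconsistencies; passwords are compared but never echoed."""
    problems = []
    for loc, (path, _, _) in found.items():
        if not path or basename(path) == default_keystore:
            problems.append(f"{loc}: keystore missing or still the default {default_keystore}")
    for label, idx in (("keystore file", 0), ("password", 1), ("alias", 2)):
        seen = {basename(v[idx]) if idx == 0 else v[idx] for v in found.values() if v[idx]}
        if len(seen) > 1:
            problems.append(f"{label} is not the same in every location")
    return problems

# Constructed sample: authserver.properties was missed when switching to server.p12.
APP = '''ssl {
  keystorePath = "configuration/server.p12"
  keystorePassword = "mypassword"
}
https {
  file = "configuration/server.p12"
  password = "mypassword"
}'''
AUTH = ("server.ssl.key-store=../configuration/keystore.p12\n"
        "server.ssl.key-store-password=nomagic\nserver.ssl.key-alias=teamworkcloud")
XML = '''<Connector port="8443" SSLEnabled="true"><SSLHostConfig><Certificate
  certificateKeystoreFile="../configuration/server.p12"
  certificateKeystorePassword="mypassword" certificateKeyAlias="myserver"/></SSLHostConfig></Connector>'''

if __name__ == "__main__":
    print("\n".join(check(collect(APP, AUTH, XML))) or "consistent")
```

To run it against a real installation, pass in the contents of the three files named earlier in place of the sample strings.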