The following steps describe how to configure and enable the HTTPS protocol for your Cleo Dashboards installation. Primary steps include:
- Generating a KeyStore and listing certificate details.
- Modifying the server.xml file by adding a connector element to support SSL or HTTPS connection.
Generating a KeyStore
Use the Java Keytool command to create a self-signed certificate. Assign a password and complete the details for the certificate.
Note: An installed JDK is required to use Java Keytool.
$DashboardInstallation\mrc\production\m-power\tomcat\bin> keytool -genkey -alias cleo -keyalg RSA -keystore c:\dashboardKeyStore
Enter keystore password:
Re-enter new password:
What is your first and last name?[Unknown]: any
What is the name of your organizational unit?
//omitted to save space
[no]: yes
Enter key password for <cleo> (RETURN if same as KeyStore password):
Re-enter new password:
Result: You have created the dashboardKeyStore certificate, located at c:\
If installing third-party certificates
Instead of the keytool -genkey command noted in the Generating a KeyStore procedure above, keytool -importkeystore can be used to import the p12 file to your keystore. Then continue to follow the steps below to modify the server configuration file (server.xml).
For example:
keytool -importkeystore -srckeystore C:\mysslcert.p12 -destkeystore C:\Cleo\Dashboard322\mykeystore.jks -srcstoretype PKCS12 -deststoretype jks -deststorepass password
Listing Certificate Details
Once again, use the Java Keytool command to list the details for the existing certificate.
$DashboardInstallation\mrc\production\m-power\tomcat\bin> keytool -list -keystore c:\dashboardKeyStore
Enter keystore password:
Keystore type: JKS
Keystore provider: SU
Your keystore contains 1 entry
msmith, 14 December 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): C8:DD:A3:AF:7F:55:A0:7F:3E:98:10:DE:8B:63:1B:A5
Modify the server configuration file (server.xml)
Locate and edit the Tomcat server configuration file.
$DashboardInstallation\mrc\production\m-power\Tomcat\conf\server.xml
Specify a password for the keystorePass field. You have two options:
- Specify plain text as the password
- Specify an encrypted password
If specifying plain text, modify server.xml by adding a Connector element to support SSL or HTTPS connections:
//...
<!--Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR,
the connector should be using the OpenSSL style configuration described
in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\dashboardKeyStore"
keystorePass="password"/>
//...
Note: keystorePass="password" is the same password you assigned to your keystore via the keytool command in the first part of this procedure (Generating a Keystore).
- Uncomment the existing section.
- Add the keystoreFile attribute.
- Add the keystorePass attribute.
- Restart the Dashboard server to complete the configuration.
If specifying an encrypted password, then take these steps:
- Run the utility passwordencrypt.bat or .sh to encrypt the keystore password. This can be found in <DashboardInstallation>\mrc\production\m-power\tomcat\bin.
- Use the encrypted password in the keystorePass field of the Connector element of the server.xml file.
See the following example:
<!-- <Connector port="8443" protocol="com.cleo.tomcat.Http11Nio9Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=""
keystorePass="DgkD/BpSrrV/0evyR71w+A"/> -->
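An added example, not part of Cleo's documentation: a Python check of server.xml against the steps above (Connector section uncommented, keystoreFile set and present on disk, keystorePass set). The function name, the sample XML strings and the treatment of a com.cleo.* protocol as the encrypted-password case are assumptions made for this sketch.

```python
import os
import xml.etree.ElementTree as ET

# Constructed samples modelled on the two Connector examples on this page.
PLAIN = """<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS"
 keystoreFile="c:\\dashboardKeyStore"
 keystorePass="password"/>
</Service></Server>"""

COMMENTED = """<Server><Service name="Catalina">
<!-- <Connector port="8443" protocol="com.cleo.tomcat.Http11Nio9Protocol"
 SSLEnabled="true" scheme="https" secure="true" keystoreFile=""
 keystorePass="DgkD/BpSrrV/0evyR71w+A"/> -->
</Service></Server>"""


def audit_server_xml(xml_text, file_exists=os.path.isfile):
    """Return a list of findings for the HTTPS connector setup steps."""
    findings = []
    # ElementTree drops XML comments, so a Connector that is still inside
    # <!-- ... --> is invisible here, exactly as it is to Tomcat.
    root = ET.fromstring(xml_text)
    https = [c for c in root.iter("Connector")
             if c.get("SSLEnabled", "").lower() == "true"]
    if not https:
        return ["no active HTTPS Connector (is the section still commented out?)"]
    for c in https:
        port = c.get("port", "?")
        ks = c.get("keystoreFile", "")
        if not ks:
            findings.append(f"port {port}: keystoreFile is missing or empty")
        elif not file_exists(ks):
            findings.append(f"port {port}: keystoreFile not found: {ks}")
        if not c.get("keystorePass"):
            findings.append(f"port {port}: keystorePass is missing")
        # Assumption: only the com.cleo.* protocol class accepts the output
        # of passwordencrypt; any other protocol reads keystorePass literally.
        elif not c.get("protocol", "").startswith("com.cleo."):
            findings.append(f"port {port}: keystorePass is plain text; "
                            "restrict read access to server.xml")
    return findings


if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("commented", COMMENTED)):
        print(name, audit_server_xml(text))
```

To check a real installation, pass the contents of server.xml to audit_server_xml before restarting the Dashboard server.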