We recommend switching to the latest versions of Edge, Firefox, Chrome or Safari. Using Internet Explorer will result in a loss of website functionality.

Articles in this section

See more

Setting up SSL with a CA certificate

Avatar
Gerard Cafaro
  • Updated
Follow

The instructions for installing certs received from a Certification Authority (CA) are slightly different than the instructions for self-signed certificates. The steps below will allow you to use a cert from a CA and import it into Analyze. For self-signed certificates, please use the instructions here instead. 

  1. Stop all services
  2. Open command prompt or a terminal session and navigate to: 
    <install directory>/jre/jre/bin
  3. Import the cert into Analyze's embedded Java's cacerts. The sample command below will need to be updated with the destination keystore location with your actual Analyze installation location and the source keystore updated with your PKCS12 key location:
    keytool -importkeystore -deststorepass changeit -destkeystore "C:\Program Files\Data3SixtyAnalyze\jre\jre\lib\security\cacerts" -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
  4. Import the cert into a new keystore. The command will create the keystore if it doesn't exist already. The sample command below will need to be updated with the destination keystore location with your actual Analyze installation location and the source keystore updated with your PKCS12 key location:
     
    keytool -importkeystore -deststorepass changeit -destkeystore keystore.jks -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
  5. Run the following command and make note of the newly imported key's alias for a future step. It will be near the very top of the output:
    keytool -list -v -keypass changeit -storepass changeit -keystore keystore.jks
    Your key may have an auto-generated alias, similar to a UUID, or a standard key name. 

  6. Copy the keystore.jks created in step 4 to:
    <install directory>/tomcat/conf
  7. Open the following file for editing:
    <install directory>/tomcat/conf/server.xml
  8. Within server.xml, add the following text and update the keyAlias and keyPass parameters with your actual values:
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
    port="8443" maxThreads="200" keyAlias="myKeyAlias" keyPass="myKeyPass"
    scheme="https" secure="true" SSLEnabled="true" 
    keystoreFile="conf/keystore.jks" keystorePass="changeit" 
    clientAuth="false" sslProtocol="TLS"/>
  9. Open the following file for editing:
    <install directory>/tomcat/conf/web.xml
  10. Within web.xml, add the following text. No changes are needed to the values below:
     
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
  11. Open the following file for editing:
    <Analyze site directory>/conf/cust.prop
  12. Within cust.prop, add the following text and update localhost to the actual Analyze server name:
     
    ls.brain.webapp.contextUrl=https://localhost:8443/
  13. Restart the Analyze services

 

Related articles

Comments

0 comments

Please sign in to leave a comment.