The instructions for installing certs received from a Certification Authority (CA) differ slightly from the instructions for self-signed certificates. The steps below let you take a cert from a CA and import it into Analyze. For self-signed certificates, please use the instructions here instead.
- Stop all services
- Open command prompt or a terminal session and navigate to:
<install directory>/jre/jre/bin
- Import the cert into the cacerts keystore of Analyze's embedded Java. In the sample command below, change the destination keystore path to your actual Analyze installation location and the source keystore path to the location of your PKCS12 file:
keytool -importkeystore -deststorepass changeit -destkeystore "C:\Program Files\Data3SixtyAnalyze\jre\jre\lib\security\cacerts" -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
- Import the cert into a new keystore. The command creates the keystore if it doesn't already exist. In the sample command below, change the source keystore path to the location of your PKCS12 file:
keytool -importkeystore -deststorepass changeit -destkeystore keystore.jks -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
- Run the following command:
keytool -list -keypass changeit -storepass changeit -keystore keystore.jks
Make a note of the newly imported key's alias for a future step. Your key may have an auto-generated alias, similar to a UUID, or a name. The alias is the first value in the entry, as in the sample output below:
te-004ac672-f945-60e1-9529-ac97fc3c96a3, Dec 30, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 44:95:FF:C6:AA:DD:D5:53:97:11:22:33:44:55:66:77:88:99:00:AA
- Copy the keystore.jks created in step 4 to:
<install directory>/tomcat/conf
- Open the following file for editing:
<install directory>/tomcat/conf/server.xml
- Within server.xml, add the following text after the <Service name="Catalina"> tag. Update the keyAlias and keyPass parameters with your actual values. You may also optionally update the port value to 443 or another appropriate port.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" keyAlias="myKeyAlias" keyPass="myKeyPass"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="conf/keystore.jks" keystorePass="changeit"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json"/>
- Open the following file for editing:
<install directory>/tomcat/conf/web.xml
- Within web.xml, add the following text within the main <web-app> tag. No changes are needed to the values below:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
- Open the following file for editing:
<Analyze site directory>/conf/cust.prop
- Within cust.prop, add the following text, changing localhost to the actual Analyze server name and the port to the value specified within server.xml:
ls.brain.webapp.contextUrl=https://localhost:8443/
- Start the Analyze services.
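A pre-start check for the keystore and server.xml steps above, as an added example that is not part of the original article or the product: it parses `keytool -list` output and the Connector, then reports a keyAlias that is not a private-key entry, passwords left at the article's sample values, and protocols outside an allowed set. The sample inputs are constructed from the article's values; the function names and the allowed-protocol policy are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed `keytool -list` output; alias and fingerprint are the article's sample values.
KEYTOOL_LIST = """\
Your keystore contains 1 entry

te-004ac672-f945-60e1-9529-ac97fc3c96a3, Dec 30, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 44:95:FF:C6:AA:DD:D5:53:97:11:22:33:44:55:66:77:88:99:00:AA
"""

# Constructed server.xml fragment: the article's Connector with its sample values left in.
SERVER_XML = """<Server><Service name="Catalina">
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
  keyAlias="myKeyAlias" keyPass="myKeyPass" scheme="https" secure="true"
  SSLEnabled="true" keystoreFile="conf/keystore.jks" keystorePass="changeit"
  clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"/>
</Service></Server>"""

ENTRY = re.compile(
    r"^(?P<alias>.+?), .+, (?P<type>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")
PLACEHOLDERS = {"changeit", "myKeyPass", "myKeyAlias"}  # sample values from the article
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}              # assumption: site policy

def keystore_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` text output."""
    return {m["alias"].lower(): m["type"]
            for line in listing.splitlines() if (m := ENTRY.match(line))}

def check_connector(server_xml, listing):
    """Return findings for every SSL-enabled Connector (empty list = clean)."""
    entries, findings = keystore_entries(listing), []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        alias = conn.get("keyAlias", "")
        # JKS aliases are case-insensitive, so compare lower-cased.
        if entries.get(alias.lower()) != "PrivateKeyEntry":
            findings.append(f"keyAlias {alias!r} is not a PrivateKeyEntry in the keystore")
        for attr in ("keystorePass", "keyPass"):
            if conn.get(attr) in PLACEHOLDERS:
                findings.append(f"{attr} still has the sample value from the article")
        protocols = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if not protocols or protocols - ALLOWED_PROTOCOLS:
            findings.append(f"sslEnabledProtocols is {sorted(protocols)}, expected TLSv1.2 or newer")
    return findings

if __name__ == "__main__":
    for finding in check_connector(SERVER_XML, KEYTOOL_LIST):
        print("FINDING:", finding)
```

To use it on a real installation, pass in the text printed by the `keytool -list` step and the contents of `<install directory>/tomcat/conf/server.xml`.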