We recommend switching to the latest versions of Edge, Firefox, Chrome or Safari. Using Internet Explorer will result in a loss of website functionality.
Our Support systems migrated on Saturday, May 21. We'll automatically forward you to the new location for this content.

Articles in this section

See more

Setting up SSL with a CA certificate

Avatar
Gerard Cafaro
  • Updated
Follow

The instructions for installing certs received from a Certification Authority (CA) are slightly different than the instructions for self-signed certificates. The steps below will allow you to use a cert from a CA and import it into Analyze. For self-signed certificates, please use the instructions here instead. 

  1. Stop all services
  2. Open command prompt or a terminal session and navigate to: 
    <install directory>/jre/jre/bin
  3. Import the cert into Analyze's embedded Java's cacerts. The sample command below will need to be updated with the destination keystore location with your actual Analyze installation location and the source keystore updated with your PKCS12 key location:
    keytool -importkeystore -deststorepass changeit -destkeystore "C:\Program Files\Data3SixtyAnalyze\jre\jre\lib\security\cacerts" -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
  4. Import the cert into a new keystore. The command will create the keystore if it doesn't exist already. The sample command below will need to be updated with the destination keystore location with your actual Analyze installation location and the source keystore updated with your PKCS12 key location:
     
    keytool -importkeystore -deststorepass changeit -destkeystore keystore.jks -srckeystore "C:\Users\gcafaro\Desktop\certwithkey.pfx" -srcstoretype PKCS12
  5. Run the following command:
    keytool -list -keypass changeit -storepass changeit -keystore keystore.jks
    Make note of the newly imported key's alias for a future step. Your key may have an auto-generated alias, similar to a UUID, or a name. The bolded value below is the location of the alias: 
    te-004ac672-f945-60e1-9529-ac97fc3c96a3, Dec 30, 2019, PrivateKeyEntry,
    Certificate fingerprint (SHA1): 44:95:FF:C6:AA:DD:D5:53:97:11:22:33:44:55:66:77:88:99:00:AA
  6. Copy the keystore.jks created in step 4 to:
    <install directory>/tomcat/conf
  7. Open the following file for editing:
    <install directory>/tomcat/conf/server.xml
  8. Within server.xml, add the following text after the <Service name="Catalina"> tag. Update the keyAlias and keyPass parameters with your actual values. You may also optionally update the port value to 443 or another appropriate port.
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
    port="8443" maxThreads="200" keyAlias="myKeyAlias" keyPass="myKeyPass"
    scheme="https" secure="true" SSLEnabled="true" 
    keystoreFile="conf/keystore.jks" keystorePass="changeit" 
    clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" compression="on"
    compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json"/>
  9. Open the following file for editing:
    <install directory>/tomcat/conf/web.xml
  10. Within web.xml, add the following text within the main <web-app> tag. No changes are needed to the values below: 
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
  11. Open the following file for editing:
    <Analyze site directory>/conf/cust.prop
  12. Within cust.prop, add the following text and update localhost to the actual Analyze server name and port to the value specified within server.xml:
     
    ls.brain.webapp.contextUrl=https://localhost:8443/
  13. Start the Analyze services.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.