
The use of SSL is required. These steps cover generating and using a self-signed certificate. You can of course use any other certificate compatible with Tomcat. See the Tomcat documentation for more details.

Let’s generate the self-signed certificate in the HTTPS_AGENT_HOME/config directory. Run the following command.

Code Block
keytool -genkey -keyalg RSA -alias tomcat -keystore tomcat.jks -validity 365 -keysize 2048

When prompted, enter a password for the keystore.

Then, when prompted for your name, input the hostname of the server. The rest of the information is not needed (although you can input it).

After that you will be prompted for the password for the tomcat key; press Enter to use the same password as the keystore.

Next let’s export the certificate in order to add it to the FlexDeploy server’s trust store.

Code Block
keytool -export -keystore tomcat.jks -storepass <password> -alias tomcat -file httpsagent.cer

The last thing we need to do on the endpoint is configure the keystore password (and the location of the file if not generated in the config directory). Open up the HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/server.xml file. Find the SSL connector (by default set for port 8444) and add the keystore password like this:

Code Block
<Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
           keystoreFile="../config/tomcat.jks" keystorePass="KEYSTORE PASSWORD HERE">
</Connector>

Now let’s import the certificate into the Java trust store on the FlexDeploy server.

First copy over the certificate we generated (with the .cer extension).

Next let’s determine the Java install used by the FlexDeploy server.

If you set JAVA_HOME in your setenvoverride.sh file, use that directory.

If you didn’t set it there, but it is already set in your system, use that value. Run echo "$JAVA_HOME" to find that out.

If it’s not set in setenvoverride.sh or the environment, run this command to find the path used: dirname "$(dirname "$(readlink -f "$(which javac)")")"

Then we can run the following command on the server.

Code Block
keytool -import -noprompt -trustcacerts -alias tomcat -file httpsagent.cer -keystore "JAVA_INSTALL_PATH/jre/lib/security/cacerts" -storepass changeit

Now your server will be able to connect to the endpoint.
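Importing httpsagent.cer into cacerts makes it a trust anchor for the server's JVM, so it is worth confirming that the copied file is the certificate generated on the endpoint before running the import. The script below is an added example, not part of the FlexDeploy documentation: it compares the SHA-256 fingerprint and owner CN of the copied file against values read on the endpoint (for example with keytool -list -v -keystore tomcat.jks -alias tomcat) and imports only on a match. The function names and the script name are hypothetical, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example (not FlexDeploy code). Assumes English keytool output.

# Uppercase hex with colons and whitespace removed, so formats compare equal.
normalize_fp() {
    tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# SHA-256 fingerprint from `keytool -printcert` output on stdin.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | normalize_fp
}

# Owner CN from `keytool -printcert` output on stdin.
extract_owner_cn() {
    sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Succeeds only if the certificate text on stdin carries the expected
# fingerprint ($1, as read on the endpoint) and the expected hostname ($2).
cert_matches() {
    text=$(cat)
    want=$(printf '%s' "$1" | normalize_fp)
    got=$(printf '%s\n' "$text" | extract_sha256)
    cn=$(printf '%s\n' "$text" | extract_owner_cn)
    [ -n "$got" ] && [ "$got" = "$want" ] && [ "$cn" = "$2" ]
}

# Usage: sh verify_import.sh httpsagent.cer <sha256> <hostname> <cacerts path>
if [ "$#" -eq 4 ]; then
    if keytool -printcert -file "$1" | cert_matches "$2" "$3"; then
        # Same import command as on the page, run only after the check passes.
        keytool -import -noprompt -trustcacerts -alias tomcat -file "$1" \
            -keystore "$4" -storepass changeit
    else
        echo "Refusing to import $1: fingerprint or hostname mismatch" >&2
        exit 1
    fi
fi
```

Transfer the expected fingerprint separately from the .cer file itself, otherwise the comparison only proves the file matches whatever was copied alongside it.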

Step 5. Start the server.

Run the StartFlexDeployHttpsAgent.sh script to start the agent.