...

Code Block
/u01/java/jdk8/bin/keytool -genkey -alias flexkeystore -keyalg RSA -keystore /u01/flexdeploy/flexdeploy.keystore

Import your SSL certificate. You will need to adjust the JDK location, the keystore name, alias name, and the certificate file name.

...

Code Block
/u01/java/jdk8/bin/keytool -import -alias flexdeploy -file mycert.cer -keystore /u01/flexdeploy/flexdeploy.keystore


To generate a self-signed certificate and import it into the keystore, issue the following command, adjusting the paths and parameters as necessary.

Code Block
/u01/java/jdk8/bin/keytool -genkeypair -alias flexdeploy -keyalg RSA -validity 365 -keysize 2048 -keystore /u01/flexdeploy/flexdeploy.keystore

Edit <FlexDeploy Home>/apache-tomcat-flexdeploy/conf/server.xml. Modify the HTTP connector that is listening on port 80 as follows so that it listens on some other port (not 443); this example uses 8443. Be sure to adjust the keystore file path.

Code Block
<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
               connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
               maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/flexdeploy.keystore"
               keystorePass="changeit" keyAlias="myalias" clientAuth="false" compression="on" compressionMinSize="1024" />
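
A check for the connector above, as an added example that is not FlexDeploy's or Tomcat's own code: it parses server.xml and reports SSL connectors that sit on a privileged port, enable protocols other than TLSv1.2/TLSv1.3, keep a default keystorePass, or name a keyAlias that is not in the keystore. The function name, the sample server.xml and the alias list are constructed for illustration; in practice the aliases would be taken from `keytool -list -keystore <file>`.

```python
import xml.etree.ElementTree as ET

WEAK_PASSWORDS = {"", "changeit", "changeme", "password"}
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def audit_connectors(server_xml, keystore_aliases):
    """Return (port, finding) tuples for every SSL-enabled <Connector>."""
    known = {a.lower() for a in keystore_aliases}  # compare aliases case-insensitively
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope here
        port = int(conn.get("port", "0"))
        if port < 1024:
            findings.append((port, "privileged port: a non-root Tomcat cannot bind it"))
        protocols = {p.strip() for p in
                     conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if not protocols:
            findings.append((port, "sslEnabledProtocols not set; JVM defaults apply"))
        for proto in sorted(protocols - ALLOWED_PROTOCOLS):
            findings.append((port, "legacy protocol enabled: " + proto))
        if conn.get("keystorePass", "") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is empty or a well-known default"))
        alias = conn.get("keyAlias")
        if alias and alias.lower() not in known:
            findings.append((port, "keyAlias '%s' not found in keystore" % alias))
    return findings

# Constructed sample: the connector attributes mirror the example on this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
             SSLEnabled="true" secure="true"
             keystoreFile="/path/to/flexdeploy.keystore"
             keystorePass="changeit" keyAlias="myalias" clientAuth="false" />
</Service></Server>"""

# Constructed sample: aliases as they would be listed for the keystore.
SAMPLE_ALIASES = ["flexdeploy"]

if __name__ == "__main__":
    for port, message in audit_connectors(SAMPLE_SERVER_XML, SAMPLE_ALIASES):
        print(port, message)
```
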

If the certificate is supplied in .pfx format, it can be converted to the desired JKS format using the command below.

Code Block
keytool -importkeystore -srckeystore /u01/flexdeploy/flexdeploydev.pfx -srcstoretype pkcs12 -destkeystore /u01/flexdeploy/flexdeploy.keystore -deststoretype JKS

...



#Note that this doesn't set the private key password to match the new keystore password. Instead, it will (likely) match the previous pfx password.
#It isn't required to match the new keystore and new keypass, but if you don't, you need to add keyPass="" in your server.xml.
keytool -keypasswd -new <new keyPass> -keystore /u01/flexdeploy/keystore -alias <was printed on screen after previous command> -keypass <previous pfx password>

Or, you can use it as is, although it might be more difficult to modify as needed later.

Code Block
<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
               connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
               maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/flexdeploy.pfx"
               keystorePass="changeit" keyAlias="myalias" clientAuth="false" compression="on" compressionMinSize="1024"/>

Or, you can convert it to JKS format using the command below.

Code Block
keytool -importkeystore -srckeystore /home/oracle/flexdeploydev.pfx -srcstoretype pkcs12 -destkeystore /home/oracle/flexdeploy.keystore -deststoretype JKS

On Unix, privileged ports (less than 1024) cannot be opened by a non-root user. The solution is to forward traffic from 443 to the port used above (8443). As root, add an iptables rule to redirect the traffic from 443 to 8443.

...