...
Code Block |
---|
<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/keystore"
keystorePass="changeit" keyAlias="myalias" clientAuth="false" compression="on" compressionMinSize="1024" /> |
In case the certificate is shared in .pfx format the same can be converted to desired jks format using below command
Code Block | ||
---|---|---|
| ||
keytool -importkeystore -srckeystore /u01/flexdeploy/flexdeploydev.pfx -srcstoretype pkcs12 -destkeystore /u01/flexdeploy/keystore -deststoretype JKS
#Note that this doesn't set the private key password to match the new keystore password. Instead, it will (likely) match the previous pfx password.
#It isn't required to match the new keystore and new keypass, but if you don't, you need to add keyPass="" in your server.xml.
keytool -keypasswd -new <new keyPass>-keystore /u01/flexdeploy/keystore -alias <was printed on screen after previous command> -keypass <previous pfx password>
|
Or, you can use it as is, although it might be more difficult to modify as needed later.
Code Block |
---|
<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/flexdeploy.pfx"
keystorePass="changeit" keyAlias="myalias" clientAuth="false" compression="on" compressionMinSize="1024"/> |
On Unix, privileged ports (less than 1024) cannot be opened by a non-root user. The solution is to forward traffic from 443 to the port used above (8443). As root, update iptable rule to redirect the traffic from 443 to 8443.
...