Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Stop the Tomcat server.

    Code Block
    linenumberstrue
    <FlexDeploy Home>/StopFlexDeploy.sh


  2. Create a Java Key Store to hold your SSL Certificate. You will need to update location to JDK, alias, and give appropriate path for the keystore location.

    Code Block
    linenumberstrue
    /u01/java/jdk1.8.0_281/bin/keytool -genkey -alias myaliasmykeystorealias -keyalg RSA -keystore /home/oracle/flexdeploy.keystore


  3. Import your SSL certificate. You will need to adjust the JDK location, the keystore name, alias name, and the certificate file name.

    Warning
    titleNotice

    When you are importing the SSL certificate, the certificate alias must be different than the keystore alias. Otherwise, you will see the below error:

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match


    Code Block
    linenumberstrue
    /u01/java/jdk1.8.0_281/bin/keytool -import -alias myalias -file mycert.cer -keystore /home/oracle/flexdeploy.keystore


    To generate a self-signed certificate and import into the keystore, issue the following command, adjusting the paths and parameters as necessary.

    Code Block
    linenumberstrue
    /u01/java/jdk1.8.0/bin/keytool -genkeypair -alias myalias -keyalg RSA -validity 365 -keysize 2048 -keystore /home/oracle/flexdeploy.keystore


  4. Edit <FlexDeploy Home>/apache-tomcat-flexdeploy/conf/server.xml. Modify the HTTP connector that is listening on port 80 as follows to listen on some port (not 443). Be sure to adjust keystore file path.

    Code Block
    linenumberstrue
    <Connector port="8443" protocol="HTTP/1.1" sslVerifyClient="optional" sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"
                   connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
                   maxHttpHeaderSize="16384" schema="https" keystoreFile="/home/oracle/flexdeploy.keystore"
                   keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>


    On Unix, privileged ports (less than 1024) cannot be opened by a non-root user. The solution is to forward traffic from 443 to the port used above (8443). As root, update iptable rule to redirect the traffic from 443 to 8443.

    Code Block
    linenumberstrue
    iptables -t nat -I PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 8443


  5. Start the Tomcat server.

    Code Block
    linenumberstrue
    <FlexDeploy Home>/StopFlexDeploy.sh


  6. Test in browser.

    Code Block
    linenumberstrue
    https://<your.hostname>/flexdeploy




    Tip

    New to Certificates and the keytool utility? Reference this cheat sheet for assistance.