QUESTION:
How do I configure or change the SSL certificate using PFX file?
SOLUTION:
A Java KeyStore (JKS) is a repository of security certificates and the private keys, used for instance in SSL encryption.
- The password used to create the 'keystore' file must not contain any special characters. Otherwise, the Web Application will be unable to load the file.
- Rename or move the existing keystore located at <TRAVERSE_HOME>/plugin/web/webapp.keystore
Configuring SSL for the Web Application using PFX file:
- The application server (Apache Tomcat) used by Traverse uses a JKS format keystore.
- Create a keystore using below command.
"TRAVERSE_HOME\apps\jre\bin\keytool" -importkeystore -srckeystore "xxxxxxxxx.pfx" -srcstoretype pkcs12 -destkeystore "<TRAVERSE_HOME>\plugin\web\webapp.keystore" -deststoretype JKS -deststorepass changeit
srckeystore - use the PFX file name, including it's location e.g C:/Program Files/Certificates/****.pfx
source Keystore password- password of PFX file
- List the webapp.keystore:
Scroll to the top of output and copy the alias name.
"TRAVERSE_HOME\apps\jre\bin\keytool" -list -storepass changeit -keystore "TRAVERSE_HOME\plugin\web\webapp.keystore" -v
- Change the alias key password to the Traverse default value of 'changeit':
alias: use the alias name from the listed output.
alias password: Use PFX password
New alias password: It should be "changeit"
"TRAVERSE_HOME\apps\jre\bin\keytool" -keypasswd -alias xxxxxxx -keystore "TRAVERSE_HOME\plugin\web\webapp.keystore" -storepass changeit
- Change the alias name:
alias: use the alias name from the listed output.
"TRAVERSE_HOME\apps\jre\bin\keytool" -changealias -alias xxxxxxx -destalias tomcat -storepass changeit -keystore "<TRAVERSE_HOME>\plugin\web\webapp.keystore"
- Verify the alias name "tomcat" in webapp.keystore:
"TRAVERSE_HOME\apps\jre\bin\keytool" -list -storepass changeit -keystore "TRAVERSE_HOME\plugin\web\webapp.keystore" -v
- Note that the password matches the Traverse default defined in Traverse_home\app\tomcat\conf\server.xml:
keystorePass="changeit" keystoreFile="../../plugin/web/webapp.keystore"
- Restart the traverse webapp