RoisinCleary
Flexera beginner

Flexera Code Insight SSL cert renewal

Hi -  Looking for information on performing an SSL cert on the FNCI server - is it possible to install Apache rather than using tomcat on the server to install the cert on or does it have to be tomcat. Also can you give us detailed instructions on what it needs to be installed and configured on, thanks

Labels (1)
0 Kudos
2 Replies
vkushwaha
Flexera
Flexera

Hi Roisin Cleary


We use tomcat server to run FNCI, and SSL configuration has to be done for Tomcat.
Please refer Enabling Secure HTTP Over SSL,  in install guide 
Can you elaborate more on what do you mean by Apache?

 

Regards

Vaibhav

0 Kudos

hi  - we are looking for step by step instructions on how to install the SSL cert on the linux server: can you provide instructions from supplying the commands lines to configuring the xml file within the tomcat directory folder: I found the following but it looks like a brand new install:

1. Purchase a Secure Site SSL certificate, or generate your own self-signed certificate. The procedures for using a purchased certificate and for generating your own differ. Depending upon your type of certificate, consult one of the following sections:

• Purchasing a Secure Site SSL certificate

• Generating a Self-signed Certificate 2. Edit the \tomcat\bin\catalina.bat file (or the catalina.sh file depending on your operating system): set -Dcodeinsight.ssl=true (default value is false) 3. Back up the \tomcat\conf\server.xml file to another directory (outside of the conf directory), and then copy server.xml from \tomcat\https to \tomcat\conf. The server.xml file contains a default configuration that references a keystore at \tomcat\codeinsight.jks.

You will need to update this information as needed for your certificate, as described in step 5. 4. In the server.xml file, locate the following text, and ensure that the SSLEngine value is on: 5. In the server.xml file, locate for the following text that introduces the section describing the SSL certificate: FNCI SSL: Edit this section to match your certificate information.

This section shows the default values for the certificate: 6. Update the following parameters in this section to reflect your certificate information: keystoreFile: the file name of the keystore containing the certificate keystorePass: the password of the keystore keyAlias: the alias for the certificate entry in the keystore keyPass: the password for the certificate entry

Note • If the keystore and alias passwords are the same, you can specify keyPass, keystorePass or both. 7. Restart the Tomcat server after making changes to the server.xml file or to a keystore. For more information, see Enabling Secure HTTP Over SSL.

 

OR IS IT THIS?

Purchasing a Secure Site SSL certificate The following are two sources for purchasing a Secure Site SSL Certificate:

http://www.verisign.com/ssl/buy-ssl-certificates/secure-site-ssl-certificates/index.html

https://www.thawte.com/ssl-digital-certificates/ssl/index.html

Follow your vendor's instructions for generating a certificate signing request (CSR) and importing the certificate into the keystore.

Creating a Keystore for a Purchased Secure Site SSL Certificate--Example The following is an example of a command to create a keystore for a Secure Site SSL Certificate on the server: keytool -import -alias "" -file -keystore \tomcat\ -storepass "" Task To use a purchased Secure Site SSL Certificate, do the following:

1. Export the certificate and import it into cacerts, which is in \jre\lib\security. keytool -export -alias "" -file .crt -keystore .jks keytool -delete -alias "" -keystore cacerts keytool -import -alias "" -keystore cacerts -file .crt

Note • The default password for cacerts is changeit.

2. (Optional) To check the contents of the keystore, enter the following command: keytool -list -keystore cacerts shows keystore contents 3. Update the \tomcat\conf\server.xml file with values you provided in the command to create the keystore so Tomcat can access the generated certificate. See step 2 in the previous section, Enabling an HTTPS Connection

Can you clarify where I start from?

thanks Roisin

0 Kudos