Configure SSL on predeployed Tomcat

Requirements

  • .pfx certificate 

  • System with OpenSSL (this guide will use a Linux System)

Info: If .key and .crt files are available, you can skip to the step Configure SSL.

Create .key and .crt files

With OpenSSL available on a Linux system, we can convert the MyCert.pfx file into MyCert.key and MyCert.crt.

/tmp$ openssl pkcs12 -in MyCert.pfx -nocerts -out MyCert.private.key
/tmp$ openssl rsa -in MyCert.private.key -out MyCert.key
/tmp$ openssl pkcs12 -in MyCert.pfx -clcerts -nokeys -out MyCert.crt

Copy the files MyCert.key and MyCert.crt to the server that is running the iGrafx Platform, into the folder:

...\iGrafx-Platform\igrafxdata

Configure SSL

Changes to server.xml and web.xml are necessary to enable SSL.

server.xml

Comment out the existing connector in server.xml by adding <!-- before and --> after the Connector tag.

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\server.xml
<!-- <Connector port="${igrafx.http.port}" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="utf-8" /> -->

Add the following code below the commented-out section. Make sure to specify the correct paths for MyCert.crt and MyCert.key.

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\server.xml
<Connector port="${igrafx.http.port}" redirectPort="443" />
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLSv1"
           SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
           SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key"
           connectionTimeout="20000" URIEncoding="utf-8" />

web.xml

If the web server should be reachable only over HTTPS and no longer over HTTP, web.xml has to be adapted as well. Add the following code before the last line, </web-app>:

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
</web-app>

Restart the iGrafx Platform service for the changes to take effect.
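A check that can be run before the restart, as an added example that is not part of the original guide or of iGrafx tooling: it confirms that every plain connector in server.xml redirects to a port that actually has a TLS connector (the original connector pointed at 8443) and that web.xml forces HTTPS for /*. The function names are hypothetical, and the XML samples are constructed, trimmed copies of the snippets above.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror this page's snippets (not read from a real install).
SERVER_XML = r"""<Server><Service name="Catalina">
  <!-- <Connector port="${igrafx.http.port}" protocol="HTTP/1.1" redirectPort="8443" /> -->
  <Connector port="${igrafx.http.port}" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
             SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key" />
</Service></Server>"""

WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def check_server_xml(text):
    """List connector problems; commented-out connectors are invisible to the parser."""
    connectors = list(ET.fromstring(text).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = [] if tls else ['no connector has SSLEnabled="true"']
    for c in tls:
        for attr in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if not c.get(attr):
                findings.append(f"TLS connector {c.get('port')}: {attr} is not set")
    for c in connectors:
        # A plain connector must redirect to a port that actually serves TLS.
        if c not in tls and c.get("redirectPort") not in tls_ports:
            findings.append(f"connector {c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} matches no TLS connector")
    return findings

def forces_https(text):
    """True if some security-constraint covers /* with transport-guarantee CONFIDENTIAL."""
    def texts(parent, name):  # text of descendants by local name, ignoring the namespace
        return [(e.text or "").strip() for e in parent.iter()
                if e.tag.rsplit("}", 1)[-1] == name]
    root = ET.fromstring(text)
    constraints = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "security-constraint"]
    return any("/*" in texts(sc, "url-pattern")
               and "CONFIDENTIAL" in texts(sc, "transport-guarantee") for sc in constraints)

if __name__ == "__main__":
    print(check_server_xml(SERVER_XML) or "server.xml: connectors consistent")
    print("web.xml forces HTTPS:", forces_https(WEB_XML))
```

To use it on a real installation, read the contents of conf\server.xml and conf\web.xml into strings and pass them to the two functions.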