Certificate en https setup

robleer

Hi,

I want to run Aware with a https URL and am looking for a how-to guide.

First quest is how to install the certificate.
I've the certificate file, but do not know how to install this in the Tomcat webserver.

And second question, what else do I have to do run run it under https ??

TIA
Rob

hpl123

This USED to be easy, search the forums and you will find a lot of step by step guides etc. but they doesn't seem to work in later versions of Aware (or Tomcat). Many of the steps are probably the same but something has changed and nobody seems to know (or want to share) what and how to set it up now.

I ended up going the reverse proxy route when I couldn't get my certs integrated and working so is a tip. Otherwise I would suggest you search for Tomcat guides on how to do this in the Tomcat version you are using.

If you manage to figure it out, please share a thought or two on what/how you did.

robleer

Ok, thats a pitty. I was searching in the forum and saw a lot about it, but no real guides or solution. This should be easy, because applications build in Aware should be secure.

So, @Aware_support....could you tell us how to do this properly ??

joben

What file type is your certificate file?

robleer

I received a .pfc, a .cert and a .p7b file

Rennur

I've implemented Digicert's SSL using a .p7b cert with Tomcat 9.
You need to generate a keystore file .jks and use that file to configure Tomcat.
Detailed steps can be found here https://www.digicert.com/kb/csr-ssl-installation/tomcat-keytool.htm

My Tomcat 9 C:\AwareIM\Tomcat\conf\server.xml SSL config:

<Connector port="8080" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               connectionTimeout="60000"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" 
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" 
               connectionTimeout="20000" 
               asyncTimeout="150000" 
               maxThreads="450" 
               minSpareThreads="50" 
               SSLEnabled="true" 
               enableLookups="false" 
               scheme="https" 
               secure="true" 
               maxTrailerSize="-1" 
               maxCookieCount="-1" 
               processorCache="450" >
        <SSLHostConfig 
                sslProtocol="TLS"
                protocols="+TLSv1,+TLSv1.1,+TLSv1.2,+TLSv1.3,-SSLv2,-SSLv3" 
                honorCipherOrder="true" 
                ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA" >
                    <Certificate  

                        certificateKeystoreFile="C:\Your\JKS\File\Location\yourJKSfile.jks" 
                        certificateKeystorePassword="yourPasswordgoesHere" 
                        type="RSA" 
                        certificateKeystoreType="JKS" />
        </SSLHostConfig>
    </Connector>

PointsWell

robleer wrote
Ok, thats a pitty. I was searching in the forum and saw a lot about it, but no real guides or solution. This should be easy, because applications build in Aware should be secure.

So, @Aware_support....could you tell us how to do this properly ??

I would go down the Reverse Proxy route for these reasons

robleer

I managed to get it running on 443 under https.

But now I have a problem in my Aware Configurator.

It does not show my forms anymore. It show something like: Cannot load localhost:443

Any clue?

joben

robleer wrote
I received a .pfc, a .cert and a .p7b file

pfc, I assume you mean .pfx?

This Tomcat configuration works for me:
https, http2 and pfx certificates, Tomcat configuration>

hpl123

joben wrote
robleer wrote
I received a .pfc, a .cert and a .p7b file

pfc, I assume you mean .pfx?

This Tomcat configuration works for me:
https, http2 and pfx certificates, Tomcat configuration

Cool, I hadn´t seen this.