Certificate en https setup

If you have questions or if you want to share your opinion about Aware IM post your message on this forum
Post Reply
robleer
Posts: 285
Joined: Wed Jul 14, 2010 7:01 pm

Certificate en https setup

Post by robleer »

Hi,

I want to run Aware with a https URL and am looking for a how-to guide.

First quest is how to install the certificate.
I've the certificate file, but do not know how to install this in the Tomcat webserver.

And second question, what else do I have to do run run it under https ??

TIA
Rob
Using 8.7 Professional 3025 on MySQL/Windows
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Certificate en https setup

Post by hpl123 »

This USED to be easy, search the forums and you will find a lot of step by step guides etc. but they doesn't seem to work in later versions of Aware (or Tomcat). Many of the steps are probably the same but something has changed and nobody seems to know (or want to share) what and how to set it up now.

I ended up going the reverse proxy route when I couldn't get my certs integrated and working so is a tip. Otherwise I would suggest you search for Tomcat guides on how to do this in the Tomcat version you are using.

If you manage to figure it out, please share a thought or two on what/how you did.
Henrik (V8 Developer Ed. - Windows)
robleer
Posts: 285
Joined: Wed Jul 14, 2010 7:01 pm

Re: Certificate en https setup

Post by robleer »

Ok, thats a pitty. I was searching in the forum and saw a lot about it, but no real guides or solution. This should be easy, because applications build in Aware should be secure.

So, @Aware_support....could you tell us how to do this properly ??
Using 8.7 Professional 3025 on MySQL/Windows
joben
Posts: 221
Joined: Wed Nov 06, 2019 9:49 pm
Location: Sweden
Contact:

Re: Certificate en https setup

Post by joben »

What file type is your certificate file?
Regards, Joakim

Image
robleer
Posts: 285
Joined: Wed Jul 14, 2010 7:01 pm

Re: Certificate en https setup

Post by robleer »

I received a .pfc, a .cert and a .p7b file
Using 8.7 Professional 3025 on MySQL/Windows
Rennur
Posts: 1191
Joined: Thu Mar 01, 2012 5:13 am
Location: Sydney, Australia

Re: Certificate en https setup

Post by Rennur »

I've implemented Digicert's SSL using a .p7b cert with Tomcat 9.
You need to generate a keystore file .jks and use that file to configure Tomcat.
Detailed steps can be found here https://www.digicert.com/kb/csr-ssl-installation/tomcat-keytool.htm

My Tomcat 9 C:\AwareIM\Tomcat\conf\server.xml SSL config:

Code: Select all

<Connector port="8080" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               connectionTimeout="60000"
               redirectPort="8443" />

Code: Select all

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" 
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" 
               connectionTimeout="20000" 
               asyncTimeout="150000" 
               maxThreads="450" 
               minSpareThreads="50" 
               SSLEnabled="true" 
               enableLookups="false" 
               scheme="https" 
               secure="true" 
               maxTrailerSize="-1" 
               maxCookieCount="-1" 
               processorCache="450" >
        <SSLHostConfig 
                sslProtocol="TLS"
                protocols="+TLSv1,+TLSv1.1,+TLSv1.2,+TLSv1.3,-SSLv2,-SSLv3" 
                honorCipherOrder="true" 
                ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA" >
                    <Certificate  
                        certificateKeystoreFile="C:\Your\JKS\File\Location\yourJKSfile.jks" 
                        certificateKeystorePassword="yourPasswordgoesHere" 
                        type="RSA" 
                        certificateKeystoreType="JKS" />
        </SSLHostConfig>
    </Connector>
PointsWell
Posts: 1457
Joined: Tue Jan 24, 2017 5:51 am
Location: 'Stralya

Re: Certificate en https setup

Post by PointsWell »

robleer wrote: Wed Sep 14, 2022 1:53 pm Ok, thats a pitty. I was searching in the forum and saw a lot about it, but no real guides or solution. This should be easy, because applications build in Aware should be secure.

So, @Aware_support....could you tell us how to do this properly ??
I would go down the Reverse Proxy route for these reasons
robleer
Posts: 285
Joined: Wed Jul 14, 2010 7:01 pm

Re: Certificate en https setup

Post by robleer »

I managed to get it running on 443 under https.

But now I have a problem in my Aware Configurator.

It does not show my forms anymore. It show something like: Cannot load localhost:443

Any clue?
Using 8.7 Professional 3025 on MySQL/Windows
joben
Posts: 221
Joined: Wed Nov 06, 2019 9:49 pm
Location: Sweden
Contact:

Re: Certificate en https setup

Post by joben »

robleer wrote: Wed Sep 14, 2022 2:52 pm I received a .pfc, a .cert and a .p7b file
pfc, I assume you mean .pfx?

This Tomcat configuration works for me:
viewtopic.php?f=4&t=12399
Regards, Joakim

Image
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Certificate en https setup

Post by hpl123 »

joben wrote: Mon Sep 19, 2022 7:48 am
robleer wrote: Wed Sep 14, 2022 2:52 pm I received a .pfc, a .cert and a .p7b file
pfc, I assume you mean .pfx?

This Tomcat configuration works for me:
viewtopic.php?f=4&t=12399
Cool, I hadn´t seen this.
Henrik (V8 Developer Ed. - Windows)
Post Reply