HTTPS / SSL AwareIm
customaware
Posts: 2391
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: HTTPS / SSL AwareIm

Post by customaware »

PM Suwandy (member cishpix)

He is a genius and can fix it for you.

You should negotiate a fee but not overly expensive.

Suwandy manages ALL on my servers and is very talented and trustworthy.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
JonP
Posts: 287
Joined: Thu Feb 16, 2017 9:49 pm
Location: United States

Re: HTTPS / SSL AwareIm

Post by JonP »

I can attest to Suwandy's excellence and reasonableness.
v8.1 on Windows 10 / MySQL 5.6 (local), v8.1 on Windows Server 2016 / MySQL 5.6 (server)
cishpix
Posts: 183
Joined: Fri Nov 06, 2015 5:07 am
Location: Indonesia

Re: HTTPS / SSL AwareIm

Post by cishpix »

Hello Gabbitas, let me answer you.
Gabbitas wrote:I'm using a Windows Server 2008 and I'm still on AwareIM v6. I'm confident that port 443 is open as I am able to reach it from outside the server with a port testing tool.
I should check your domain first to make sure of the problem, so would you like to let me know your domain name?
Gabbitas wrote: 1) Does the extension of the keystore file matter?
2) Is the location of the keystore important and does it need to be in a certain place?
3) If I go to my AwareIM control panel and look at settings I currently run tomcat on port 80. Should I be changing this to port 443 or does it get left as port 80?
  1. I don't think so, you can give the extension as you want or remove it.
  2. Absolutely yes but you can locate it as you want as long as you have set it in server.xml
  3. Leave it port 80
Many thanks to you (Jon and Mark), I just did it as you requested with my best performance.
Regards,

Suwandy
-----------------
Kisaran - Indonesia
himanshu
Posts: 722
Joined: Thu Jun 19, 2008 6:24 am
Location: India
Contact:

Re: HTTPS / SSL AwareIm

Post by himanshu »

JonP wrote:I can attest to Suwandy's excellence and reasonableness.
+1
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Gabbitas
Posts: 334
Joined: Sun Jan 03, 2010 3:36 am

Re: HTTPS / SSL AwareIm

Post by Gabbitas »

Thanks guys, I appreciate your input on this one.

After a whole day of research, fiddling and learning I managed to finally secure all of my servers with a wildcard certificate! The issues I was facing were due to an error in the server and intermediate certificates that were provided to me. After I had them re-issued I essentially just followed himanshu’s pdf guide and it worked a treat. Thanks to himanshu for taking the time to write up a guide.

I would encourage anyone to have a go at this. It seems very daunting at first but by doing a bit of research and watching a few videos on YouTube it’s not too difficult to understand in the end.

Thanks again to all contributors
Jaymer
Posts: 2430
Joined: Tue Jan 13, 2015 10:58 am
Location: Tampa, FL
Contact:

Re: HTTPS / SSL AwareIm

Post by Jaymer »

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

a great read. won't take that long. will confirm many of the things in this post.

the "alias" is important, and I didn't realize it from just copy/pasting Himanshu's instructions. I got back 4 certs - he had 2. There is a specific order to install them, so I had a little difficulty. And I don't think Mark or Himanshu mentioned this little goody found in this doc:

If you change the port number here [in the server.xml <Connector> entry], you should also change the value specified for the redirectPort attribute on the non-SSL connector [from 8443 to 443]. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.

Jaymer
Aware Programming & Consulting - Tampa FL
jannes
Posts: 100
Joined: Tue Jul 02, 2019 12:22 pm

Re: HTTPS / SSL AwareIm

Post by jannes »

Hi,

I'm struggling (for several days now) with installing SSL on a Windows Server 2012.

I read and re-read several times :
http://softservsolutions.com/AwareIM/SS ... IM_SSL.pdf

I ordered a certificate and received 3 crt-files, placed them in the folder of the keystore : AwareIM\JDK\bin\
I imported these crt-files using "keytool" and also edited server.xml

Restarting AwareIM didn't give the result I expected.
Can anybody help me ? Maybe I just forgot a small thing...

regards
Jannes
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: HTTPS / SSL AwareIm

Post by hpl123 »

I have also struggled with this starting somewhere after v8 and it seems like it doesn't work like it used to. My notes for doing the process, which have worked for years, don't work any longer and my notes haven't changed, so maybe something in Aware or the certificates and process in general? I went another way and am now using a reverse proxy instead, so that is a tip for you and/but, an updated step by step guide from someone who has done this in recent versions would be nice.
Henrik (V8 Developer Ed. - Windows)
himanshu
Posts: 722
Joined: Thu Jun 19, 2008 6:24 am
Location: India
Contact:

Re: HTTPS / SSL AwareIm

Post by himanshu »

Hi Henrick,

I was using LetsEncrypt for the last couple of years, and the one document which was shared is helpful in case you use another paid way.

@Jannes - pls connect on PM to understand your issue; I will try to help or will refer you to someone.
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
cishpix
Posts: 183
Joined: Fri Nov 06, 2015 5:07 am
Location: Indonesia

Re: HTTPS / SSL AwareIm

Post by cishpix »

jannes wrote: Fri Feb 12, 2021 3:40 pm I ordered a certificate and received 3 crt-files, placed them in the folder of the keystore : AwareIM\JDK\bin\
I imported these crt-files using "keytool" and also edited server.xml
Hi Jannes, we usually split the certificate into 3 files with the NIO protocol and do not use keytool any more, beginning from Tomcat 8.
Regards,

Suwandy
-----------------
Kisaran - Indonesia
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: HTTPS / SSL AwareIm

Post by hpl123 »

himanshu wrote: Fri Feb 12, 2021 6:11 pm Hi Henrick,

I was using LetsEncrypt for the last couple of years, and the one document which was shared is helpful in case you use another paid way.

@Jannes - pls connect on PM to understand your issue; I will try to help or will refer you to someone.
Thanks and/so you have had Tomcat set up with Letsencrypt? That is the holy grail as far as I'm concerned. It's free and autorenew (set and forget). I use it with IIS today for websites and also for Aware via a reverse proxy but it isn't as good as having it set directly for Tomcat. Is it the Tomcat document you refer to as helpful or the softserv one (link doesn't work).
Henrik (V8 Developer Ed. - Windows)
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: HTTPS / SSL AwareIm

Post by hpl123 »

cishpix wrote: Sat Feb 13, 2021 3:41 am
jannes wrote: Fri Feb 12, 2021 3:40 pm I ordered a certificate and received 3 crt-files, placed them in the folder of the keystore : AwareIM\JDK\bin\
I imported these crt-files using "keytool" and also edited server.xml
Hi Jannes, we usually split the certificate into 3 files with the NIO protocol and do not use keytool any more, beginning from Tomcat 8.
A bit more details about this and how to set it up would be nice?
Henrik (V8 Developer Ed. - Windows)
Jaymer
Posts: 2430
Joined: Tue Jan 13, 2015 10:58 am
Location: Tampa, FL
Contact:

Re: HTTPS / SSL AwareIm

Post by Jaymer »

here's 1 way to do it with the 3 files.
build 8.5
file: server.xml

    <!-- Plain HTTP connector; redirectPort must match the port of the TLS connector below -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

    <!-- TLS connector (NIO) using separate certificate, chain and key files instead of a keystore -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384">
            <!-- Server certificate, intermediate chain and private key as three files -->
            <Certificate certificateFile="C:\AwareIM\Tomcat\conf\certificate.cer"
                         certificateChainFile="C:\AwareIM\Tomcat\conf\bundle.crt"
                         certificateKeyFile="C:\AwareIM\Tomcat\conf\certificate.key"
                         type="RSA"/>
        </SSLHostConfig>
    </Connector>

--> JaymerTip SSL Port 443 Tomcat Config Server.XML
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.

Jaymer
Aware Programming & Consulting - Tampa FL
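
A pre-restart check for the server.xml layout in the post above, as an added example that is not Jaymer's or AwareIM's code: it parses the file and reports a redirectPort that points at no TLS connector, static-ECDH cipher suites (no forward secrecy), and a missing attribute of the three-file certificate layout. The function name, the sample XML and the choice of checks are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the layout from the post wrapped in a <Service> element so
# it parses alone, with three deliberate mistakes (stock redirectPort 8443,
# one static-ECDH suite kept, no certificateKeyFile). Cipher list shortened.
SAMPLE = r"""<Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true">
    <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256">
      <Certificate certificateFile="C:\AwareIM\Tomcat\conf\certificate.cer"
                   certificateChainFile="C:\AwareIM\Tomcat\conf\bundle.crt"
                   type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service>"""

# Attributes of the three-file layout used in the post (assumed to be required here).
CERT_ATTRS = ("certificateFile", "certificateChainFile", "certificateKeyFile")


def lint_connectors(xml_text):
    """Return human-readable findings for the <Connector> elements in xml_text."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = [c.get("port") for c in tls]
    findings = []
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in tls and tls and redirect is not None and redirect not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort={redirect} "
                            f"is not a TLS connector port {tls_ports}")
    for c in tls:
        port = c.get("port")
        for host in c.iter("SSLHostConfig"):
            for suite in (s.strip() for s in host.get("ciphers", "").split(",")):
                # TLS_ECDH_* (no trailing E) is static ECDH: no forward secrecy.
                if suite.startswith("TLS_ECDH_"):
                    findings.append(f"port {port}: {suite} is static ECDH")
            for cert in host.iter("Certificate"):
                for attr in CERT_ATTRS:
                    if not cert.get(attr):
                        findings.append(f"port {port}: <Certificate> has no {attr}")
    return findings


if __name__ == "__main__":
    for finding in lint_connectors(SAMPLE):
        print(finding)
```

Pass it the text of the real `server.xml` in place of `SAMPLE`; an empty list means none of these three checks fired.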
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: HTTPS / SSL AwareIm

Post by hpl123 »

Jaymer wrote: Sun Feb 14, 2021 10:00 pm here's 1 way to do it with the 3 files.
build 8.5
file: server.xml

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
			   
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
			<SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384">
            <Certificate certificateFile="C:\AwareIM\Tomcat\conf\certificate.cer"
                         certificateChainFile="C:\AwareIM\Tomcat\conf\bundle.crt"
						 certificateKeyFile="C:\AwareIM\Tomcat\conf\certificate.key"
                         type="RSA"/>
        </SSLHostConfig>
    </Connector>

--> JaymerTip SSL Port 443 Tomcat Config Server.XML
Is it really that simple, have you successfully implemented/tested this doing only these 2 things?
Henrik (V8 Developer Ed. - Windows)
cishpix
Posts: 183
Joined: Fri Nov 06, 2015 5:07 am
Location: Indonesia

Re: HTTPS / SSL AwareIm

Post by cishpix »

hpl123 wrote: Mon Feb 15, 2021 11:38 am Is it really that simple, have you successfully implemented/tested this doing only these 2 things?
Yes, it's really simple, I have implemented it (exactly as Jaymer shared the Tomcat configuration in the server.xml file) on some AwareIM servers that are running on Windows, Linux and Macintosh too. If you need my hand, you can PM me directly :)
Jaymer wrote: Sun Feb 14, 2021 10:00 pm here's 1 way to do it with the 3 files.
Thank you Jaymer, that helped me to answer Henrik's question, I appreciate you :wink:
Regards,

Suwandy
-----------------
Kisaran - Indonesia