Configuring SSL certificates for the Link Apache Tomcat application server
If you implement Link on a setup containing Apache Tomcat sever, the implementation works as a Tomcat application.
About this task
To configure SSL certificates for the Link Apache Tomcat application server, complete the following steps:
Procedure
-
To export the SSL certificates into
pkcs12
format, run the command open ssl pkcs12.The system prompts you to provide the password phrase (for example <my passphrase>) to protect the generated certificate file.The -CAfile command option supplies the CA bundle.
Example: If GoDaddy provides multiple CA
PEM
files, bundle all CA files (concatenated as text files) into single file named cabundle.crt:gd1.crt>> cabundle.crt gd2.crt>> cabundle.crt gd3.crt>> cabundle.crt openssl pkcs12 -export -in sever.crt -inkey server.key -out dtxtomcat.p12 -name dtxtomcat -CAfile cabundle.crt -caname root
-
Depending on the platform, access the keytool application from the provided
location:
Microsoft Windows C:\HCL\Link_<version>\java\bin\keytool.exe Linux-based OS tomcat-context/install/java/bin/keytool To generate java keystore, run the following command:
keytool.exe -importkeystore -deststorepass <my passphrase> -destkeypass <my passphrase> -destkeystore dtxtomcat.keystore -srckeystore dtxtomcat.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias dtxtomcat keytool -v -list -keystore dtxtomcat.keystore
Note: The value of <my passphrase> must match thepassphrase
value set for the configuration property /tomcat/keystore/password. -
For Microsoft Windows and Linux-based operating systems, copy the generated
Java keystore to the following location:
<Link installation folder>/restapi/tomcat/server/dtxtomcat.keystore
where <Link installation folder> is:
- For Microsoft Windows - C:\HCL\Link_<version>
- For Linux-based operating systems - tomcat-context/install
-
In case of Link installation on Docker environment, copy the keystore file from
a local folder to the
hip-rest
container at /usr/local/tomcat using the docker cp command. The value of <my pass phrase> must match thepassphrase
value in the /usr/local/tomcat/conf/server.xml file within the container. -
Restart the Link application. If your user profile has all the appropriate
privileges, open a shell and change the working directory to the installation
root.