Configuring SSL certificates for the Link Apache Tomcat application server

If you implement Link on a setup that contains an Apache Tomcat server, the implementation works as a Tomcat application.

About this task

Apache Tomcat uses a Java keystore to store SSL certificates. To import certificates into the Link application server Java keystore, use the openssl utility. For more details related to openssl installation, see https://www.openssl.org/.

To configure SSL certificates for the Link Apache Tomcat application server, complete the following steps:

Procedure

  1. To export the SSL certificates into pkcs12 format, run the openssl pkcs12 command.
    The system prompts you to provide a passphrase (for example <my passphrase>) to protect the generated certificate file.

    The -CAfile command option supplies the CA bundle.

    Example: If GoDaddy provides multiple CA PEM files, bundle all CA files (concatenated as text files) into a single file named cabundle.crt:

    cat gd1.crt >> cabundle.crt
    cat gd2.crt >> cabundle.crt
    cat gd3.crt >> cabundle.crt
    openssl pkcs12 -export -in server.crt -inkey server.key -out dtxtomcat.p12 -name dtxtomcat -CAfile cabundle.crt -caname root
  2. Depending on the platform, access the keytool application from the provided location:

    To generate the Java keystore and then list its contents, run the following commands:

    keytool.exe -importkeystore -deststorepass <my passphrase> -destkeypass <my passphrase> -destkeystore dtxtomcat.keystore -srckeystore dtxtomcat.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias dtxtomcat
    keytool -v -list -keystore dtxtomcat.keystore
    Note: The value of <my passphrase> must match the passphrase value set for the configuration property /tomcat/keystore/password.
  3. For Microsoft Windows and Linux-based operating systems, copy the generated Java keystore to the following location:
    
    <Link installation folder>/restapi/tomcat/server/dtxtomcat.keystore
    

    where <Link installation folder> is:

    • For Microsoft Windows - C:\HCL\Link_<version>
    • For Linux-based operating systems - tomcat-context/install
  4. If Link is installed in a Docker environment, copy the keystore file from a local folder to the hip-rest container at /usr/local/tomcat by using the docker cp command. The value of <my passphrase> must match the passphrase value in the /usr/local/tomcat/conf/server.xml file within the container.
  5. Restart the Link application. If your user profile has all the appropriate privileges, open a shell and change the working directory to the installation root.
    1. In case of Microsoft Windows, execute the following commands:
      
      DesignServer\stop.bat 
      DesignServer\start.bat
    2. In case of Linux-based systems, execute the following commands:
      
      ./Link stop
      ./Link start
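
Before running the export in step 1, it is worth confirming that server.key belongs to server.crt, that the certificate chains to cabundle.crt, and that it is not close to expiry. The script below is an added example, not part of the original procedure or the product's tooling; the function names and the make_demo_material generator (constructed test certificates only) are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks on the inputs to `openssl pkcs12 -export`.

# 0 if private key $2 belongs to certificate $1, 1 if not, 2 if unreadable.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if certificate $2 chains to a CA in bundle $1.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if certificate $1 is still valid $2 seconds from now (default 0 = now).
valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Runs every check, prints one line per problem, returns the problem count.
preflight() {   # usage: preflight server.crt server.key cabundle.crt
    fails=0
    key_matches_cert "$1" "$2" || { echo "$2 is not the key for $1"; fails=$((fails + 1)); }
    chain_verifies "$3" "$1" || { echo "$1 does not chain to $3"; fails=$((fails + 1)); }
    valid_for "$1" 2592000 || { echo "$1 expires within 30 days"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed test material only: a throwaway CA (cabundle.crt) and a 90-day
# server certificate signed by it, written into directory $1.
make_demo_material() {
    printf '[req]\ndistinguished_name=req\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/demo.cnf"
    openssl req -x509 -config "$1/demo.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 365 -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/cabundle.crt" 2>/dev/null &&
    openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=link.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/cabundle.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -out "$1/server.crt" 2>/dev/null
}

# Run against real files when three arguments are given.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh server.crt server.key cabundle.crt` (the script file name is arbitrary); a non-zero exit status is the number of failed checks.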