Configuring SSL certificates for the Link Apache Tomcat application server
If you implement Link on a setup containing Apache Tomcat sever, the implementation works as a Tomcat application.
About this task
Apache Tomcat uses a Java keystore to store SSL certificates. To import certificates
into the Link application server Java keystore, use the openssl
utility. For more details related to openssl
installation, see
https://www.openssl.org/.
To configure SSL certificates for the Link Apache Tomcat application server, complete the following steps:
Procedure
-
To export the SSL certificates into pkcs12 format, run the command open ssl
pkcs12. The system prompts you to provide the password phrase (for example
<my passphrase>) to protect the generated certificate
file. The
-CAfile
command option supplies the CA bundle.If GoDaddy provides multiple CA PEM files, bundle all CA files (concatenated as text files) into single file named cabundle.crt:gd1.crt>> cabundle.crt gd2.crt>> cabundle.crt gd3.crt>> cabundle.crt openssl pkcs12 -export -in sever.crt -inkey server.key -out dtxtomcat.p12 -name dtxtomcat -CAfile cabundle.crt -caname root
-
Depending on the platform, access the keytool application from the provided
location:
Microsoft Windows C:\HCL\Link_<version>\java\bin\keytool.exe Linux-based OS tomcat-context/install/java/bin/keytool To generate java keystore, run the following command:
keytool.exe -importkeystore -deststorepass <my passphrase> -destkeypass <my passphrase> -destkeystore dtxtomcat.keystore -srckeystore dtxtomcat.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias dtxtomcat keytool -v -list -keystore dtxtomcat.keystore
Note: The value of <my passphrase> must match the passphrase value set for the configuration property /tomcat/keystore/password. -
For Microsoft Windows and Linux-based operating systems, copy the generated
Java keystore to the following location:
<Link installation folder>/restapi/tomcat/server/dtxtomcat.keystore
where <Link installation folder> is:- For Microsoft Windows - C:\HCL\Link_<version>
- For Linux-based operating systems - tomcat-context/install
-
In case of Link installation on Docker environment, copy the keystore file from
a local folder to the
hip-rest
container at /usr/local/tomcat using the docker cp command. The value of <my pass phrase> must match the passphrase value in the /usr/local/tomcat/conf/server.xml file within the container. -
Restart the Link application. If your user profile has all the appropriate
privileges, open a shell and change the working directory to the installation
root.