
Configure SSL on predeployed Tomcat

Requirements

  • .pfx certificate 
  • System with OpenSSL (this guide will use a Linux System)

If .key and .crt files are available you can skip to the step Configure SSL.

Create .key and .crt files

With OpenSSL available on a Linux system, we can convert the MyCert.pfx file into MyCert.key and MyCert.crt.

BASH
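# Extract the private key from the .pfx (prompts for the import password and a PEM pass phrase)
/tmp$ openssl pkcs12 -in MyCert.pfx -nocerts -out MyCert.private.key

# Remove the pass phrase from the key; the resulting MyCert.key is unencrypted
/tmp$ openssl rsa -in MyCert.private.key -out MyCert.key

# Extract the certificate without the private key or CA certificates
/tmp$ openssl pkcs12 -in MyCert.pfx -clcerts -nokeys -out MyCert.crt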

Copy the files MyCert.key and MyCert.crt to the server that is running the iGrafx Platform, into the folder:

...\iGrafx-Platform\igrafxdata

Configure SSL

Changes to server.xml and web.xml are necessary to enable SSL.

server.xml

Comment out the existing connector in server.xml by adding <!-- before and --> after the Connector tag.

...\iGrafx-Platform\apache-tomcat-8.0.36\conf\server.xml

CODE
    <!--
    <Connector port="${igrafx.http.port}" protocol="HTTP/1.1"
            connectionTimeout="20000"
            redirectPort="8443"
            URIEncoding="utf-8" />
    -->

Add the following code below the commented-out section. Make sure to specify the correct paths for MyCert.crt and MyCert.key.

...\iGrafx-Platform\apache-tomcat-8.0.36\conf\server.xml

CODE
    <Connector port="${igrafx.http.port}" redirectPort="443" />

    <Connector port="443" protocol="HTTP/1.1"
            SSLEnabled="true"
            maxThreads="150"
            scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLSv1"
            SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
            SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key"
            connectionTimeout="20000"
            URIEncoding="utf-8" />

web.xml

If the web server should be reachable only through HTTPS and no longer through HTTP, web.xml has to be adapted as well. Add the following code before the last line, </web-app>:

...\iGrafx-Platform\apache-tomcat-8.0.36\conf\web.xml

CODE
<security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you require authentication -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

</web-app>

Restart the iGrafx Platform service for the changes to take effect.
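
A post-change check for the two connectors configured above, as an added example that is not part of the original guide or of iGrafx's own tooling: it parses server.xml, confirms that the plain connector redirects to a TLS connector with certificate and key paths set, and flags protocol values such as the sslProtocol="TLSv1" used above, since TLS 1.0 and 1.1 are deprecated by RFC 8996. The function name and the embedded sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connectors from this guide (not a real server.xml).
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="${igrafx.http.port}" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1"
             SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
             SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key" />
</Service></Server>
"""

# SSL 2/3 and TLS 1.0/1.1 are all deprecated (TLS 1.0/1.1 by RFC 8996).
DEPRECATED = {"sslv2", "sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}

def audit_connectors(server_xml):
    """Return findings for the <Connector> elements in server.xml text."""
    findings = []
    # Lower-case attribute names: Tomcat documents both sslProtocol and SSLProtocol.
    connectors = [{k.lower(): v for k, v in el.attrib.items()}
                  for el in ET.fromstring(server_xml).iter("Connector")]
    is_tls = lambda c: c.get("sslenabled", "").lower() == "true"
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    if not tls_ports:
        findings.append('no connector has SSLEnabled="true"')
    for c in connectors:
        port = c.get("port")
        if not is_tls(c):
            # Plain connector: its redirectPort must name a TLS connector's port.
            if c.get("redirectport") not in tls_ports:
                findings.append(f"port {port}: redirectPort {c.get('redirectport')} is not a TLS connector")
            continue
        # The protocol value may list several versions separated by '+' or ','.
        for proto in c.get("sslprotocol", "").replace(",", "+").split("+"):
            if proto.strip().lower() in DEPRECATED:
                findings.append(f"port {port}: deprecated protocol {proto.strip()}")
        for attr in ("sslcertificatefile", "sslcertificatekeyfile"):
            if not c.get(attr):
                findings.append(f"port {port}: {attr} not set")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for https")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Run it against the contents of the edited server.xml before restarting the service; an empty list means none of these checks fired.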

 
