iGrafx Process360 Live

Configure SSL on predeployed Tomcat

Requirements

  • .pfx certificate 

  • System with OpenSSL (this guide will use a Linux System)

If .key and .crt files are available you can skip to the step Configure SSL.

Create .key and .crt files

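With OpenSSL available on a Linux system, we can convert the MyCert.pfx file into MyCert.key and MyCert.crt. The first command exports the private key, the second writes it out without a passphrase (so MyCert.key is an unencrypted private key), and the third exports the certificate.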

Bash
/tmp$ openssl pkcs12 -in MyCert.pfx -nocerts -out MyCert.private.key

/tmp$ openssl rsa -in MyCert.private.key -out MyCert.key

/tmp$ openssl pkcs12 -in MyCert.pfx -clcerts -nokeys -out MyCert.crt

Copy the files MyCert.key and MyCert.crt to the server that is running the iGrafx Platform, into the folder:

...\iGrafx-Platform\igrafxdata

Configure SSL

Changes to server.xml and web.xml are necessary to enable SSL.

server.xml

Comment out the existing connector in server.xml by adding <!-- before and --> after the Connector tag.

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\server.xml
    <!--
    <Connector port="${igrafx.http.port}" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               URIEncoding="utf-8" />
    -->

 

Add the following code below the commented-out section. Make sure to specify the correct paths for MyCert.crt and MyCert.key.

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\server.xml
    <Connector port="${igrafx.http.port}" redirectPort="443" />

    <Connector port="443" protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLSv1"
               SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
               SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key"
               connectionTimeout="20000"
               URIEncoding="utf-8" />

web.xml

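If the web server should be reachable only over HTTPS and no longer over HTTP, web.xml has to be adapted as well. Add the following code before the last line, </web-app>. With this constraint in place, Tomcat redirects requests that arrive on the HTTP connector to that connector's redirectPort.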

...\iGrafx-Platform\apache-tomcat-9.0.107\conf\web.xml
<security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you require authentication -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

</web-app>

Restart the iGrafx Platform service for the changes to take effect.
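A consistency check for the two edited files, as an added example (not iGrafx or Tomcat code): it reports a port bound by two connectors, a redirectPort that points at no TLS connector, missing certificate attributes, and an sslProtocol value that names a version below TLS 1.2. The embedded XML is a constructed sample of the snippets above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of the edited server.xml. ElementTree drops XML comments, so the
# commented-out connector is ignored here just as Tomcat ignores it.
SERVER_XML = r"""<Server><Service name="Catalina">
  <!-- <Connector port="${igrafx.http.port}" protocol="HTTP/1.1" redirectPort="8443" /> -->
  <Connector port="${igrafx.http.port}" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1" SSLCertificateFile="..\..\igrafxdata\MyCert.crt"
             SSLCertificateKeyFile="..\..\igrafxdata\MyCert.key" />
</Service></Server>"""
# Constructed sample of web.xml; the real file is namespaced, so tags match by local name.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # names of versions below TLS 1.2

def _named(root, name):
    """All elements under root (inclusive) whose tag, ignoring namespace, equals name."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_server_xml(text):
    """Return findings for the Connector elements; an empty list means consistent."""
    conns = _named(ET.fromstring(text), "Connector")
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    out = [f"port {p} is used by {n} connectors"
           for p, n in Counter(c.get("port") for c in conns).items() if n > 1]
    for c in tls:
        out += [f"connector {c.get('port')}: {a} missing"
                for a in ("SSLCertificateFile", "SSLCertificateKeyFile") if not c.get(a)]
        if c.get("sslProtocol") in OLD_PROTOCOLS:
            out.append(f"connector {c.get('port')}: sslProtocol={c.get('sslProtocol')} "
                       "is below TLS 1.2, confirm what the server negotiates")
    for c in conns:
        if c not in tls and c.get("redirectPort") not in tls_ports:
            out.append(f"connector {c.get('port')}: redirectPort "
                       f"{c.get('redirectPort')} is not a TLS connector")
    return out

def forces_https(text):
    """True if a security-constraint covers /* with transport-guarantee CONFIDENTIAL."""
    def texts(sc, name):
        return {(e.text or "").strip() for e in _named(sc, name)}
    return any("/*" in texts(sc, "url-pattern")
               and "CONFIDENTIAL" in texts(sc, "transport-guarantee")
               for sc in _named(ET.fromstring(text), "security-constraint"))
```

Pass the contents of the real conf\server.xml and conf\web.xml to the two functions before the restart; the certificate check only covers the attribute style used in this guide.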

 
