Configuring Applicare Server for HTTPS with Self Signed Certificate
Configure HTTPS
Step 1: Stop the Applicare controller. Create "sscertificate" folder in C drive.
Step 2: Open command prompt in Administrator mode and go to the java bin directory which is used by Applicare and execute the below command.
Syntax:
keytool -genkey -alias <aliasname> -keyalg RSA -keystore "<JKS_File>" -validity 365 -dname "CN=<Controller_IP>, O=<Organization>, L=<City>, S=<State>, C=<Country_Code>, OU=<Organization Unit>" -ext "san=ip:<Controller_IP>,dns:<domain_name>"
Example:
<aliasname> - applicare
<JKS_File> - C:\sscertificate\certificate.jks
<Controller_IP > - 127.0.0.1 (Applicare controller running IP)
<Organization> - applicare
<Organization Unit> - applicare
<City> - city
<state> - state
<Country_Code> - country
<domain_name> - localhost
Command:
keytool -genkey -alias applicare -keyalg RSA -keystore "C:\sscertificate\certificate.jks" -validity 365 -dname "CN=127.0.0.1, O=applicare, L=city, S=state, C=country, OU=applicare" -ext "san=ip:127.0.0.1,dns:localhost"
Command to add Multiple IP's and multiple names in san and dns field. Only request from the Ip's specified in the san filed will be accepted to controller.
keytool -genkey -alias applicare -keyalg RSA -keystore "C:\sscertificate\certificate.jks" -validity 365 -dname "CN=127.0.0.1, O=applicare, L=city, S=state, C=country, OU=applicare" -ext "san=ip:127.0.0.1,ip:192.168.0.100,dns:localhost,dns:desktopap"
Step 3: It will ask for password type changeit and press ENTER button. Again it will ask to enter key password just press ENTER button. It will display the warning message.
Step 4: Execute the below command to create the certificate file.
Syntax:
keytool -export -alias <aliasname> -storepass changeit -file <certificate_file_path> -keystore <jks_file_path>
Example:
<aliasname> - applicare
<certificate_file_path> - C:\sscertificate\certificate.cer
<jks_file_path> - C:\sscertificate\certificate.jks
Command:
keytool -export -alias applicare -storepass changeit -file "C:\sscertificate\certificate.cer" -keystore "C:\sscertificate\certificate.jks"
It will display the certificate stored message and the warning message.
Step 5: Execute the below command to import the certificate file.
Note: To know java used by Applicare go to Applicare Information -> JVM Args Info and check the java Home.
Syntax:
keytool -import -v -alias <aliasname> -trustcacerts -file <certificate_file_path> -keystore <Java_Home_Lib_Security>" -keypass changeit -storepass changeit
Example:
<certificate_file_path> - C:\sscertificate\certificate.cer
<Java_Home_Lib_Security> - Applicare Java lib security cacerts path E:\Applicare\MySQL\Applicare921\jre\windows\lib\security\cacerts
Command:
keytool -import -v -alias applicare -trustcacerts -file "C:\sscertificate\certificate.cer" -keystore "E:\Applicare\MySQL\Applicare921\jre\windows\lib\security\cacerts" -keypass changeit -storepass changeit
Step 6: Enter yes in the Trust this certificate. It will display message Certificate was added to keystore.
Step 6: Edit the server.xml configuration in the <Applicare_Controller_Home>/server/conf/server.xml file. Comment the existing <Connector> and add the below one.
Syntax:
<Connector
protocol="HTTP/1.1"
port="<Applicare_Running_Port>" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="<JKS_File>" keystorePass="<certificatePassword>"
clientAuth="false" sslProtocol="TLS"/>
Example:
<Connector
protocol="HTTP/1.1"
port="8880" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\sscertificate\certificate.jks" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Step 7: Edit the ApplicareController.props file
- Add the property applicare.serverSSL=true at the end of the file.
applicare.serverSSL=true
Step 8: Save the file.
Step 9: After completing these configuration changes, Restart the Applicare controller. You should be able to access the Applicare console via SSL at the URL below:
Syntax: https://<controllerIP>:<port>/applicare
Example: https://127.0.0.1:8880/applicare
Syntax:
keytool -import -v -alias <aliasname> -trustcacerts -file <certificate_file_path> -keystore <Java_Home_Lib_Security>" -keypass changeit -storepass changeit
Example:
<certificate_file_path> - C:\sscertificate\certificate.cer
<Java_Home_Lib_Security> - Applicare Agent Java lib security cacerts path E:\ApplicareAgent\jre\windows\lib\security\cacerts
Command:
keytool -import -v -alias applicare -trustcacerts -file "C:\sscertificate\certificate.cer" -keystore "E:\ApplicareAgent\jre\windows\lib\security\cacerts" -keypass changeit -storepass changeit
Step 13: Enter yes in the Trust this certificate. It will display message Certificate was added to keystore.
Agent Java Certificate Import
Step 1: Copy the C:\sscertificate folder to the agent machine C drive.
Step 2: Execute the below command to import the certificate file in the agent java
Syntax:
keytool -import -v -alias <aliasname> -trustcacerts -file <certificate_file_path> -keystore <Java_Home_Lib_Security>" -keypass changeit -storepass changeit
Example:
<certificate_file_path> - C:\sscertificate\certificate.cer
<Java_Home_Lib_Security> - Agent Java lib security cacerts path E:\Applicare\MySQL\ApplicareSingleAgent\jre\windows\lib\security\cacerts
Command:
keytool -import -v -alias applicare -trustcacerts -file "C:\sscertificate\certificate.cer" -keystore "E:\Applicare\MySQL\ApplicareSingleAgent\jre\windows\lib\security\cacerts" -keypass changeit -storepass changeit
Step 3: Enter yes in the Trust this certificate. It will display message Certificate was added to keystore.
Please sign in to leave a comment.
Comments
0 comments