Enabling HTTPS in Comstice Wallboard

September 03, 2018
This guide explains the steps for setting up HTTPS on the Comstice Wallboard server. Please note that the file names (e.g. example.com.crt) and any acronyms used are for the sake of demonstration. You will need to substitute your own file names.


You need to have:

  • key file
  • crt file
  • root certificate from the CA


Before you start

  • Create an SSL directory
    
        $ mkdir /opt/ssl
        $ chown -R comstice:comstice  /opt/ssl
    
  • Copy files into SSL directory via SFTP
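
A pre-flight check for the copied files, added here as an example and not part of Comstice's own documentation or product: it confirms that the key belongs to the certificate, that the certificate covers the hostname clients will use (the guide requires the domain to match the certificate), and that the key is not accessible to group or other. The function names are hypothetical; it assumes `openssl` and GNU `stat` are installed, and with no arguments it runs against a throwaway self-signed pair constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Pre-flight check for the key and certificate copied to /opt/ssl.
# Added example: function names are hypothetical, not part of Comstice Wallboard.

pubkey_hash() {            # $1 = cert|key, $2 = PEM file -> SHA-256 of its public key
  local pem
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1          # unreadable or malformed file
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

key_matches_cert() {       # $1 = crt file, $2 = key file
  local c k
  c=$(pubkey_hash cert "$1") && k=$(pubkey_hash key "$2") && [ "$c" = "$k" ]
}

cert_covers_host() {       # $1 = crt file, $2 = hostname clients will use
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

key_is_private() {         # $1 = key file; passes only if group/other have no access
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

preflight() {              # $1 = crt, $2 = key, $3 = hostname
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
  cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; return 1; }
  key_is_private "$2"        || { echo "FAIL: $2 is accessible to group/other"; return 1; }
  echo "OK: $1 and $2 are consistent for $3"
}

make_constructed_pair() {  # $1 = dir, $2 = CN; throwaway self-signed sample input
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null && chmod 600 "$1/$2.key"
}

if [ "$#" -eq 3 ]; then    # e.g. /opt/ssl/example.com.crt /opt/ssl/example.com.key wallboard.example.com
  preflight "$@"
else                       # no arguments: demonstrate on constructed files
  demo=$(mktemp -d)
  make_constructed_pair "$demo" wallboard.example.com
  preflight "$demo/wallboard.example.com.crt" "$demo/wallboard.example.com.key" wallboard.example.com
  rm -rf "$demo"
fi
```

Run it once for every name clients will use, including any ServerAlias, since a certificate issued for one hostname does not automatically cover another.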


Enabling HTTPS in Apache2

    
        $ vi /etc/apache2/sites-available/default-ssl.conf
        (press i to enter insert mode)
    

        Enter the following in the file.
    
        ServerName wallboard.example.com
        ServerAlias www.wallboard.example.com
        SSLEngine on
        SSLCertificateFile      /opt/ssl/example.com.crt
        SSLCertificateKeyFile /opt/ssl/example.com.key
    
        When it's done:
        Enter Esc then :wq (colon write quit)
    
        $ sudo a2enmod ssl
        $ sudo systemctl restart apache2.service
    

Enabling HTTPS in Express

    
        $ cd /opt/www/express/bin
    

This folder already contains a key file and a crt file. Copy your key and crt files here under the same names, i.e. overwrite the existing files; the file names must stay as they were. Also make sure that the files are owned by the comstice user:

    
        $ chown -R comstice:comstice /opt/www/express
    

Enabling HTTPS in Java Dropwizard

If you already generated Keystore.jks, copy it to the server using the steps below and then edit config.yml

    
        $ mkdir /opt/informix/keystore
    

Copy Keystore.jks to folder /opt/informix/keystore and then change ownership as below

    
        $ chown -R comstice:comstice  /opt/informix/keystore
    

Otherwise, you need to create the Keystore.jks as follows:

     
        $ cd /opt/ssl
        $ keytool -genkey -alias wallboard.example.com -keyalg RSA -keystore Keystore.jks -keysize 2048
        $ keytool -import -trustcacerts -alias root -file root.crt -keystore Keystore.jks
        $ keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore Keystore.jks
    

Import the root certificate first, followed by the intermediate.

An alternative to the above is the following:

Concatenate the alias certificate and the root certificate from the authority

    
        $ cat example.com.crt COMODo_DCS.crt > newbundle.crt
    

Create PKCS12 Keystore

    
        $ openssl pkcs12 -export -in newbundle.crt -inkey example.com.key -out keystore.p12 -CAfile temp.crt
    

Convert PKCS12 keystore to JKS
    
        $ mkdir /opt/informix/keystore
        $ keytool -importkeystore -srckeystore keystore.p12 -destkeystore /opt/informix/keystore/Keystore.jks -srcstoretype pkcs12 -deststoretype jks
    


Updating config.yml

Open the config.yml file and save the following information.

    
        $ vi /opt/informix/config.yml
        (press i to enter insert mode)
    
        Enter the following and save.
    
        server:
          applicationConnectors:
            - type: http
              port: 8080
            - type: https
              port: 8445
              # file name is case-sensitive; must match the keystore created above
              keyStorePath: ./keystore/Keystore.jks
              keyStorePassword: "myPassword"
              validateCerts: false
              validatePeers: false

        Enter Esc
        :wq (colon write quit to save)
    

Modifying Express Settings

    
        $ cd /opt/www/universal/js
        $ vi setting.js
        (press i to enter insert mode, then set the following values)

        url: "https://wallboard.example.com:8445", //http://www.uccedemo.co:8080
        url_page: "https://wallboard.example.com/universal", // Url of Home Page  //http://www.uccedemo.co/universal
        server_url: "https://wallboard.example.com:2778", //http://www.uccedemo.co:3000
    

Restart the server and test HTTPS. You must use the hostname of the server, such as wallboard.comstice.com, and the domain must match the certificate domain:
https://wallboard.example.com:8445/csqname/allcsqs
https://wallboard.example.com:2778/profile/allprofiles
https://wallboard.example.com/universal

    
        $ service wallboard restart
    
Success!