Enabling HTTPS in Comstice Wallboard

September 03, 2018

This guide explains the steps for setting up HTTPS on the Comstice Wallboard server. Please note that the file names (e.g. example.com.crt) and any acronyms used are for the sake of demonstration. You will need to rename files accordingly.

You need to have:

  • key file
  • crt file
  • root certificate from the CA

Before you start

  • Create an SSL directory
        $ mkdir /opt/ssl
        $ chown -R comstice:comstice  /opt/ssl
  • Copy files into SSL directory via SFTP

Enabling HTTPS in Apache2

        $ vi /etc/apache2/sites-available/default-ssl.conf

        Press i to enter insert mode, then enter the following in the file.

        ServerName wallboard.example.com
        ServerAlias www.wallboard.example.com
        SSLEngine on
        SSLCertificateFile      /opt/ssl/example.com.crt
        SSLCertificateKeyFile   /opt/ssl/example.com.key

        When it's done, press Esc, then type :wq (colon, write, quit).

        $ sudo a2enmod ssl
        $ sudo systemctl restart apache2.service

Enabling HTTPS in Express

        $ cd /opt/www/express/bin

In this folder there is already a key file and a crt file. Copy your key and crt files here under the same names, i.e. overwrite the existing files; the filenames must stay as before. Also make sure that the files are owned by the comstice user:

        $ chown -R comstice:comstice /opt/www/express

Enabling HTTPS in Java Dropwizard

If you already generated Keystore.jks, copy it to the server using the steps below and then edit config.yml

        $ mkdir /opt/informix/keystore

Copy Keystore.jks to folder /opt/informix/keystore and then change ownership as below

        $ chown -R comstice:comstice  /opt/informix/keystore

Otherwise, you need to create the Keystore.jks as follows:

        $ cd /opt/ssl
        $ keytool -genkey -alias wallboard.example.com -keyalg RSA -keystore Keystore.jks -keysize 2048
        $ keytool -import -trustcacerts -alias root -file root.crt -keystore Keystore.jks
        $ keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore Keystore.jks

Import the root certificate first, followed by the intermediate.

An alternative to the above is the following:

Concatenate the alias certificate and the root certificate from the authority

        $ cat example.com.crt COMODo_DCS.crt > newbundle.crt

Create PKCS12 Keystore

        $ openssl pkcs12 -export -in newbundle.crt -inkey example.com.key -out keystore.p12 -CAfile temp.crt

Convert PKCS12 keystore to JKS

        $ mkdir /opt/informix/keystore
        $ keytool -importkeystore -srckeystore keystore.p12 -destkeystore /opt/informix/keystore/Keystore.jks -srcstoretype pkcs12 -deststoretype jks

Updating config.yml

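Open the config.yml file, enter the following information and save.

        $ vi /opt/informix/config.yml

        Press i to enter insert mode, then enter the following.

        - type: http
          port: 8080
        - type: https
          port: 8445
          # The file name is case-sensitive and must match the keystore created above.
          keyStorePath: ./keystore/Keystore.jks
          # Replace with the password of your keystore.
          keyStorePassword: "myPassword"
          validateCerts: false
          validatePeers: false

        Press Esc, then type :wq (colon, write, quit) to save.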

Modifying Express Settings

        $ cd /opt/www/universal/js
        $ vi setting.js
        Press i to enter insert mode and set the following values.

        url: "https://wallboard.example.com:8445", //http://www.uccedemo.co:8080
        url_page: "https://wallboard.example.com/universal", // Url of Home Page  //http://www.uccedemo.co/universal
        server_url: "https://wallboard.example.com:2778", //http://www.uccedemo.co:3000

Restart the server and test HTTPS. You must use the hostname of the server, such as wallboard.comstice.com, and the domain must match the certificate domain.

        $ service wallboard restart
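
The requirement that the domain match the certificate can be checked before the files are installed. The script below is an added example, not part of the Comstice guide or product: its function names are hypothetical, and it assumes an unencrypted PEM key and OpenSSL 1.0.2 or later.

```shell
# Added example (not Comstice code): pre-flight checks for the key and crt files.
# Assumes an unencrypted PEM key; all function names are hypothetical.

# 0 when the certificate and the private key carry the same public key.
key_matches_cert() {    # key_matches_cert CERT KEY
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}

# 0 when the certificate is valid for the hostname users will browse to.
cert_covers_host() {    # cert_covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# 0 when the certificate has not expired yet.
cert_not_expired() {    # cert_not_expired CERT
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# 0 when the key file grants no access to group or other.
key_is_private() {      # key_is_private KEY
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Runs every check, prints failures, returns the number of failed checks.
preflight() {           # preflight CERT KEY HOSTNAME
    local failed=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; failed=$((failed + 1)); }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; failed=$((failed + 1)); }
    cert_not_expired "$1"      || { echo "FAIL: certificate has expired"; failed=$((failed + 1)); }
    key_is_private "$2"        || { echo "FAIL: key is readable by group/other"; failed=$((failed + 1)); }
    return "$failed"
}

# Constructed sample input: a throwaway self-signed pair for the guide's
# placeholder hostname, so the checks can be tried without real files.
make_sample_pair() {    # make_sample_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=wallboard.example.com" \
        -keyout "$1/example.com.key" -out "$1/example.com.crt" 2>/dev/null
    chmod 600 "$1/example.com.key"
}

# Usage: sh preflight.sh example.com.crt example.com.key wallboard.example.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit status from `preflight` is the number of failed checks; run it against the files in /opt/ssl before restarting Apache or the wallboard service.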