Enabling HTTPS in Comstice Wallboard

September 03, 2018
This guide explains the steps for setting up HTTPS on the Comstice Wallboard server. Please note that the file names (e.g. example.com.crt) and any acronyms used are for the sake of demonstration. You will need to rename the files to match your own.


You need to have:

  • key file
  • crt file
  • root certificate from the CA


Before you start

  • Create an SSL directory
        
            $ mkdir /opt/ssl
            $ chown -R comstice:comstice  /opt/ssl
        
    
  • Copy files into SSL directory via SFTP


Enabling HTTPS in Apache2

  
    
        $ vi /etc/apache2/sites-available/default-ssl.conf
        (press i to enter insert mode)
    

        Enter the following in the file.
    
        ServerName wallboard.example.com
        ServerAlias www.wallboard.example.com
        SSLEngine on
        SSLCertificateFile      /opt/ssl/example.com.crt
        SSLCertificateKeyFile /opt/ssl/example.com.key
    
        When it's done:
        Press Esc, then type :wq (colon, write, quit)
    
        $ sudo a2enmod ssl
        $ sudo systemctl restart apache2.service
    

Enabling HTTPS in Express

    
        $ cd /opt/www/express/bin
    

In this folder there is already a key file and a crt file. Copy your key and crt files here under the same names, i.e. overwrite the existing files; the file names must stay as before. Also make sure that the files are owned by the comstice user:

    
        $ chown -R comstice:comstice /opt/www/express
    

Enabling HTTPS in Java Dropwizard

  • If you already generated Keystore.jks, copy it to the server using the steps below and then edit config.yml:

                $ mkdir /opt/informix/keystore
            
        
    • Copy Keystore.jks to the folder /opt/informix/keystore and then change ownership as below:

                  $ chown -R comstice:comstice  /opt/informix/keystore
              
          
      Otherwise, you need to create the Keystore.jks as follows:
              
                  $ cd /opt/ssl
                  $ keytool -genkey -alias wallboard.example.com -keyalg RSA -keystore Keystore.jks -keysize 2048
                  $ keytool -import -trustcacerts -alias root -file root.crt -keystore Keystore.jks
                  $ keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore Keystore.jks
              
          
      • Import the root certificate first, followed by the intermediate.


      • An alternative to the above is the following:
      • Concatenate the alias certificate and the root certificate from the authority
              
                  $ cat example.com.crt COMODo_DCS.crt > newbundle.crt
              
          
      • Create PKCS12 Keystore
              
                  $ openssl pkcs12 -export -in newbundle.crt -inkey example.com.key -out keystore.p12 -CAfile temp.crt
              
          
      • Convert PKCS12 keystore to JKS
              
                  $ mkdir /opt/informix/keystore
                  $ keytool -importkeystore -srckeystore keystore.p12 -destkeystore /opt/informix/keystore/Keystore.jks -srcstoretype pkcs12 -deststoretype jks
              
          


      Updating config.yml

      Open the config.yml file and save the following information.

          
              $ vi /opt/informix/config.yml
              (press i to enter insert mode)
          
              Enter the following and save.
          
              server:
                applicationConnectors:
                  - type: http
                    port: 8080
                  - type: https
                    port: 8445
                    # file name is case-sensitive and must match the keystore created above
                    keyStorePath: ./keystore/Keystore.jks
                    keyStorePassword: "myPassword"
                    validateCerts: false
                    validatePeers: false
      
              Enter Esc
              :wq (colon write quit to save)
          
      

      Modifying Express Settings

          
              $ cd /opt/www/universal/js
              $ vi setting.js
              (press i to enter insert mode)

              url: "https://wallboard.example.com:8445", //http://www.uccedemo.co:8080
              url_page: "https://wallboard.example.com/universal", // Url of Home Page  //http://www.uccedemo.co/universal
              server_url: "https://wallboard.example.com:2778", //http://www.uccedemo.co:3000
          
      

      Restart the server and test HTTPS. You must use the hostname of the server, such as wallboard.comstice.com, and the domain must match the certificate domain:
      https://wallboard.example.com:8445/csqname/allcsqs
      https://wallboard.example.com:2778/profile/allprofiles
      https://wallboard.example.com/universal

          
              $ service wallboard restart
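
The guide depends on the key and crt files belonging together and on the certificate matching the server hostname. The following shell functions check both, plus expiry and key file permissions, before the services are restarted. This is an added example, not part of the Comstice documentation; the function names are hypothetical and the paths and hostname are the guide's demonstration values. It assumes an unencrypted private key and the openssl command-line tool.

```bash
# Added example: pre-flight checks for the certificate files this guide installs.
# Paths and hostname are the guide's demonstration names, not real values.

# True when the private key in $2 belongs to the certificate in $1
# (compares the public key extracted from each; assumes an unencrypted key).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate in $1 is valid for hostname $2 (SAN, or CN fallback).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True when the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when the key file $1 is not readable by "other" users.
key_not_world_readable() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Run every check and report; returns non-zero if any check fails.
preflight() {   # usage: preflight CERT KEY HOSTNAME
    rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: $2 is not the key for $1"; rc=1; }
    cert_covers_host "$1" "$3"  || { echo "FAIL: $1 does not cover $3"; rc=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    key_not_world_readable "$2" || { echo "FAIL: $2 is world-readable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent for $3"
    return "$rc"
}

# Example call with the guide's demonstration names:
# preflight /opt/ssl/example.com.crt /opt/ssl/example.com.key wallboard.example.com
```

A FAIL on the hostname check corresponds to the browser certificate warning you would otherwise see when opening the test URLs.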
          
      
