Enabling HTTPS in Comstice Wallboard
September 03, 2018
This guide explains the steps for setting up HTTPS on the Comstice Wallboard server. Please note that the file names (e.g. example.com.crt) and any acronyms used are for the sake of demonstration. You will need to substitute your own file names.
You need to have:
- key file
- crt file
- root certificate from the CA
Before you start
- Create an SSL directory
$ mkdir /opt/ssl
$ chown -R comstice:comstice /opt/ssl
- Copy files into SSL directory via SFTP
Enabling HTTPS in Apache2
$ vi /etc/apache2/sites-available/default-ssl.conf
$ i
Enter the following in the file.
ServerName wallboard.example.com
ServerAlias www.wallboard.example.com
SSLEngine on
SSLCertificateFile /opt/ssl/example.com.crt
SSLCertificateKeyFile /opt/ssl/example.com.key
When it's done: Enter Esc then :wq (colon write quit)
$ sudo a2enmod ssl
$ sudo systemctl restart apache2.service
Enabling HTTPS in Express
$ cd /opt/www/express/bin
This folder already contains a key file and a crt file. Copy your key and crt files here under the same names, i.e. overwrite the existing files; the filenames must stay as before. Also make sure that the files are owned by the comstice user.
$ chown -R comstice:comstice /opt/www/express
Enabling HTTPS in Java Dropwizard
If you already generated Keystore.jks, copy it to the server using the steps below and then edit config.yml
$ mkdir /opt/informix/keystore
Copy Keystore.jks to folder /opt/informix/keystore and then change ownership as below
$ chown -R comstice:comstice /opt/informix/keystore
Otherwise, you need to create the Keystore.jks as follows:
$ cd /opt/ssl
$ keytool -genkey -alias wallboard.example.com -keyalg RSA -keystore Keystore.jks -keysize 2048
$ keytool -import -trustcacerts -alias root -file root.crt -keystore Keystore.jks
$ keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore Keystore.jks
Import the root certificate first, followed by the intermediate.
An alternative to the above is the following:
Concatenate the alias certificate and the root certificate from the authority
$ cat example.com.crt COMODo_DCS.crt > newbundle.crt
Create PKCS12 Keystore
$ openssl pkcs12 -export -in newbundle.crt -inkey example.com.key -out keystore.p12 -CAfile temp.crt
- Convert PKCS12 keystore to JKS
$ mkdir /opt/informix/keystore
$ keytool -importkeystore -srckeystore keystore.p12 -destkeystore /opt/informix/keystore/Keystore.jks -srcstoretype pkcs12 -deststoretype jks
Updating config.yml
Open the config.yml file and save the following information.
$ vi /opt/informix/config.yml
$ i
Enter the following and save.
server:
  applicationConnectors:
    - type: http
      port: 8080
    - type: https
      port: 8445
      keyStorePath: ./keystore/Keystore.jks
      keyStorePassword: "myPassword"
      validateCerts: false
      validatePeers: false
Enter Esc :wq (colon write quit to save)
Modifying Express Settings
$ cd /opt/www/universal/js
$ vi setting.js
$ i
url: "https://wallboard.example.com:8445", //http://www.uccedemo.co:8080
url_page: "https://wallboard.example.com/universal", // Url of Home Page //http://www.uccedemo.co/universal
server_url: "https://wallboard.example.com:2778", //http://www.uccedemo.co:3000
Restart the server and test HTTPS. You must use the hostname of the server, such as wallboard.comstice.com, and the domain must match the certificate domain.
https://wallboard.example.com:8445/csqname/allcsqs
https://wallboard.example.com:2778/profile/allprofiles
https://wallboard.example.com/universal
$ service wallboard restart
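The domain-match requirement above can be checked on the files in /opt/ssl before the services are restarted. The script below is an added example, not part of the original guide or of Comstice's tooling; it assumes the openssl command-line tool is installed and uses the guide's placeholder file and host names.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key/crt pair copied into /opt/ssl.
# File names and host name are the guide's placeholders; substitute your own.

# 0 if the key file exists and has no group/other permission bits set.
key_is_private() {  # usage: key_is_private KEY
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if the private key and the certificate contain the same public key.
# -passin pass: keeps openssl from prompting; an encrypted key returns 2.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# 0 if the certificate is valid for the host name clients will type.
# The verdict is read from the output rather than from the exit status.
cert_covers_host() {  # usage: cert_covers_host CRT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run all checks, print one line per check, return 1 if any failed.
preflight() {  # usage: preflight KEY CRT HOSTNAME
    rc=0
    key_is_private "$1" && echo "ok   key is owner-only" ||
        { echo "FAIL key missing or readable by group/other: $1"; rc=1; }
    key_matches_cert "$1" "$2" && echo "ok   key matches certificate" ||
        { echo "FAIL key unreadable or does not match certificate: $2"; rc=1; }
    cert_covers_host "$2" "$3" && echo "ok   certificate covers $3" ||
        { echo "FAIL certificate does not cover $3"; rc=1; }
    return "$rc"
}

# e.g. sh preflight.sh /opt/ssl/example.com.key /opt/ssl/example.com.crt wallboard.example.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A key/certificate mismatch here is worth fixing before building Keystore.jks, since the same pair goes into the PKCS12 export.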