...
```bash
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/secure/keystore
```
**Warning:** Ensure that you create your keystore in a location that is only accessible to privileged users.

To complete the command:
- Enter a keystore password when prompted - keystorePasswd
- Enter data about your company, contact name, etc. This information will be displayed when users access PhixFlow.
- Select the default option not to set a separate password for the private key; if you do want a separate password, consult the Tomcat documentation for further details.
...
```xml
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="C:\app\secure\keystore" keystorePass="Hjq43823LfgreN"
           clientAuth="false" sslProtocol="TLS" />
```
**Warning:** Because the pass phrase for the keystore is stored in the server.xml file, ensure that this file is only accessible to privileged users.

- Restart tomcat. PhixFlow will now be available at
...
```xml
<!--
<Connector port="8081" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
```
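
The two warnings and the commented-out HTTP connector above can be turned into checks against a deployed `server.xml`. The following is an added example, not part of the PhixFlow or Tomcat documentation: it reports any active non-TLS HTTP connector and flags `server.xml` or the keystore when group or other users can access them. It assumes a POSIX host; the names `audit`, `too_open` and `demo` and the sample configuration are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: an HTTPS connector like the page's, HTTP connector commented out.
SAMPLE = """<Server><Service name="Catalina">
  <!-- <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443" /> -->
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="{keystore}" keystorePass="example-only" />
</Service></Server>"""

def too_open(path):  # True if group or other have any access (POSIX mode bits)
    return bool(os.stat(path).st_mode & 0o077)

def audit(server_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # ElementTree discards XML comments, so a commented-out <Connector> is ignored.
    connectors = list(ET.parse(server_xml).getroot().iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append("no connector with SSLEnabled=true")
    for c in connectors:
        if c not in tls and "ajp" not in c.get("protocol", "").lower():
            findings.append(f"plain HTTP connector active on port {c.get('port')}")
    for c in tls:
        if c.get("keystorePass") and too_open(server_xml):
            findings.append(f"{server_xml} holds keystorePass but is group/other accessible")
        # The keystore is only checked when its path exists on this host.
        if (ks := c.get("keystoreFile")) and os.path.isfile(ks) and too_open(ks):
            findings.append(f"keystore file {ks} is group/other accessible")
    return findings

def demo(server_mode=0o600, keystore_mode=0o600, http_enabled=False):
    """Write SAMPLE into a temp dir with the given modes, then audit it."""
    with tempfile.TemporaryDirectory() as d:
        ks, conf = Path(d, "keystore"), Path(d, "server.xml")
        xml = SAMPLE.format(keystore=ks)
        if http_enabled:  # uncomment the HTTP connector
            xml = xml.replace("<!-- ", "").replace(" -->", "")
        ks.touch()
        conf.write_text(xml)
        ks.chmod(keystore_mode)
        conf.chmod(server_mode)
        return [m.replace(d + os.sep, "") for m in audit(conf)]

if __name__ == "__main__":
    print(demo(server_mode=0o644, http_enabled=True))
```

To check a real installation, call `audit()` with the path to its `conf/server.xml` as a user who can read that file.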
...
Using a Certificate from a Certificate Authority
To use a certificate from a certificate authority, follow the instructions in the standard Tomcat documentation, e.g. https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html