Using the Java tool keytool you can create a self-signed certificate and a keystore in one step.

Windows

Code Block
languagepowershell
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore pathToKeystoreFile

E.g.

Code Block
languagepowershell
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore C:\app\secure\keystore

...

Code Block
languagebash
 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore pathToKeystoreFile

E.g.

Code Block
languagebash
 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/secure/keystore

 

 

To complete the command:

  • Enter a keystore password when prompted - keystorePasswd
  • Enter data about your company, contact name, etc. - this information will be displayed when users access PhixFlow

Enter a private key password when prompted - <privateKeyPasswd>

  • Select the default option not to set a separate password for the private key; if you want to set a separate password, consult the tomcat documentation for further details.

Edit the tomcat configuration file

Edit the tomcat configuration file $TOMCAT/conf/server.xml as follows.

  • Find the connector specification like:
Code Block
languagexml
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

 

 

 


and update it to:

Code Block
languagexml
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="pathToKeystoreFile" keystorePass="keystorePasswd"
               clientAuth="false" sslProtocol="TLS" />

E.g.

Code Block
languagexml
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\app\secure\keystore" keystorePass="Hjq43823LfgreN"
               clientAuth="false" sslProtocol="TLS" />
  • Restart tomcat. PhixFlow will now be available at
Code Block
https://localhost:8443/phixflow

Remove standard HTTP access

Edit the tomcat configuration file $TOMCAT/conf/server.xml to comment out the standard connection.

  • Change the connector from:
Code Block
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

to

Code Block
    <!--
         <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
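
A check for the two server.xml edits above, as an added example that is not part of the PhixFlow documentation: it parses the file, skips commented-out connectors, and reports any active plain-HTTP connector or a TLS connector without keystoreFile/keystorePass. The sample XML and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's HTTPS connector, with the HTTP connector
# still active (the state before "Remove standard HTTP access" is applied).
SAMPLE_BEFORE = """<Server><Service name="Catalina">
  <Connector port="8081" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="pathToKeystoreFile" keystorePass="keystorePasswd"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

# Same constructed file after the HTTP connector has been commented out.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    '<Connector port="8081"', '<!-- <Connector port="8081"', 1
).replace('redirectPort="8443" />', 'redirectPort="8443" /> -->', 1)


def audit_connectors(server_xml: str) -> list[str]:
    """Return findings; an empty list means the file matches the page's steps."""
    findings = []
    tls_ok = False
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default protocol
        if "ajp" in protocol.lower():
            continue  # AJP connectors are outside what the page covers
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: plain HTTP connector is still active")
            continue
        missing = [a for a in ("keystoreFile", "keystorePass") if not conn.get(a)]
        if missing:
            findings.append(f"port {port}: TLS connector lacks {', '.join(missing)}")
        else:
            tls_ok = True
    if not tls_ok:
        findings.append("no TLS connector with keystoreFile and keystorePass")
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_connectors(text) or "OK")
```

To audit a real installation, pass the contents of $TOMCAT/conf/server.xml to audit_connectors.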