Versions Compared

Old Version 10

changes.mady.by.user Gary Parden

Saved on

compared with

New Version Current

changes.mady.by.user Fiona Sargeant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You may wish to install tomcat can configure Tomcat to support secure connections over SSL , that is, via HTTPS.This via HTTPS. PhixFlow recommends you always use HTTPS communication between Tomcat and the PhixFlow webapp. However, if you are running Tomcat and PhixFlow behind a secure firewall, you may prefer to use HTTP communication.

Configuring HTTPS is described in the standard tomcat documentation - for tomcat 8 at Tomcat documentation. For Tomcat 8, see https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html - but some notes are given here to get you started. This page provides an overview of the process.

Type of

...

Certificate

If access to PhixFlow is only intended for people in your organisation, you may wish to create a self-signed certificate. This still provides a secure connection, but this will generate security warnings when users first connect, and they will not see a padlock in the address bar of their browser. If this is not acceptable to your users or by your company policy, or if you are going to provide access to people outside your organisation, you should obtain your certificate from a certificate authority (CA).

A list of certificate authorities is given in https://en.wikipedia.org/wiki/Certificate_authority.

...

Steps

The installation of a certificate will contain the steps:

  1. Obtain a certificate - whether self-signed or from a certificate authority
  2. Create a keystore
  3. Tell tomcat where to find the keystore

Quick start for HTTPS access to PhixFlow

These instructions will help you get an HTTPS connection to PhixFlow, using a self-signed certificate, on linux Linux and windowsWindows.

Warning

These quick start instructions will allow you to connect to PhixFlow over an HTTPS connection, but there are other security implications when setting up a production system using certificates - in particular, whether you use a certificate from a certificate authority. Therefore, you may need to check this set up against your company security policies. Consult the standard tomcat documentation for full details.

The examples use a Java tool called keytool, so you must have Java installed to follow them.

Obtain certificate and create keystore

Using the Java tool keytool you can create a self-signed certificate and a keystore in one step.

...

  • Enter a keystore password when prompted - keystorePasswd
  • Enter information about your company, contact name, etc - this information will be displayed when users access PhixFlow
  • Select the default option not to set a separate password for the private key; if you want to do this, consult the tomcat documentation for further details.

Edit the tomcat configuration file

Edit the tomcat configuration file $TOMCAT/conf/server.xml as follows.

...

Code Block
https://localhost:8443/phixflow

Remove standard HTTP access

Edit the tomcat configuration file $TOMCAT/conf/server.xml to comment out the standard connection.

...

Code Block
    <!--
         <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->

Using a Certificate from a Certificate Authority

To use a certificate from a certificate authority, follow instructions in the standard tomcat documentation, e.g. the section Installing a Certificate from a Certificate Authority on the page https://tomcat.apache.org/tomcat-8.05-doc/ssl-howto.html, under section Installing a Certificate from a Certificate Authority