Versions Compared

Old Version 3

changes.mady.by.user Chris Welford

Saved on

compared with

New Version Current

changes.mady.by.user Chris Welford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You may wish to install tomcat to support secure connections over SSL, that is, via HTTPS.

This is described in the standard tomcat documentation - for tomcat 8 at https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html - but some notes are given here to get you started.

...

A list of certificate authorities is given on in https://en.wikipedia.org/wiki/Certificate_authority.

Overview

All installations process The installation of a certificate will contain the steps:

  1. Obtain a certificate - whether self-signed or from a certificate authority
  2. Create a keystore
  3. Tell tomcat where to find the keystore

...

These instructions will help you get an HTTPS connection to PhixrFlowPhixFlow, using a self-signed certificate, on linux and windows. There are the two commonest platforms for PhixFlow, and the instructions are provided to help you set PhixFlow up quickly to operate securely over with HTTPS.

Warning

These quick start instructions will allow you to connect to PhixFlow over an HTTPS connection, but there are other security implications when setting up a production system using certificates - in particular, whether you use a certificate from a certificate authority. Therefore, you may need to check this set up against your company security policies. Consult the standard tomcat documentation for full details of alternative methods of installation.

The examples use a Java tool called keytool, so you must have Java installed to follow thesethem.

Obtain certificate and create keystore

...

Linux

Code Block
languagebash
 $JAVA$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore pathToKeystoreFile

E.g.

Code Block
languagebash
 $JAVAsudo mkdir /opt/tomcat/secure
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/secure/keystore
sudo chown -R tomcat:tomcat /opt/tomcat/secure
sudo chmod 500 /opt/tomcat/secure
sudo chmod 400 /opt/tomcat/secure/keystore


Warning

Ensure that you create your keystore in a location that is only accessible to privileged users

...

  • Enter a keystore password when prompted - keystorePasswd
  • Enter data information about your company, contact name, etc - this information will be displayed when users access PhixFlow
  • Select the default option not to set a separate password for the private key; if you want to do this, consult the tomcat documentation for further details.

...

Code Block
languagexml
 <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\app\secure\keystore" keystorePass="Hjq43823LfgreN"
               clientAuth="false" sslProtocol="TLS" />


Info

By default, tomcat uses the port 8443 for SSL connections; if you want to use a different port, update the port setting of the connection details in the server.xml file


Warning

Because the pass phrase password for the keystore is stored in the server.xml file, ensure that this file is only accessible to privileged users

...

  • Restart tomcat. PhixFlow will now be available at
Code Block
https://server:portNumber/webappName

E.g.

Code Block
https://localhost:8443/phixflow

...

To use a certificate from a certificate authority, following follow instructions in the standard tomcat documentation, e.g. https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

 

 

 , under section Installing a Certificate from a Certificate Authority