Appboard/old/ssl certificate

Revision as of 02:55, 7 January 2012 by imported>Mike.berman (created page)

Creating a Secure AppBoard/enPortal Server

AppBoard/enPortal is distributed with an invalid dummy SSL certificate for its Tomcat web server. This allows the system to function, but the client web browser warns the user when it identifies one or more of the following issues with the web server certificate:

  • The certificate has expired.
  • The certificate is not applicable to the server.
  • The certificate is not signed by an authorized Certificate Authority.


Selecting a Certificate Authority

A certificate for your web server must be signed by a Certificate Authority that is trusted by your web browser. There are many such authorities and most provide detailed assistance for obtaining a signed server certificate. When selecting an authority, be aware of the following points:

  • You need to obtain a signed Apache mod_ssl server certificate.
  • You may need to provide physical documentation to the Authority to establish proof of identity.
  • You need to renew certificates periodically (at least every 2 years). Renewal activities are typically less involved than origination activities.


Generating a Certificate Signing Request (CSR)

If you are running Tomcat behind another web server, such as Apache or Microsoft IIS, you need to configure the primary web server to handle the SSL connections from users. This primary server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests.

To configure standalone Tomcat for SSL support, you need to create (or import) an SSL certificate. The OpenSSL utility is used to generate Certificate Signing Requests (CSRs) and certificates. Download the OpenSSL utility and generate a CSR. You must then submit the CSR to your Certificate Authority.
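
The CSR step described above, as an added example that is not part of the original page or the AppBoard/enPortal distribution. The function names, the host name passed in and the subject fields are assumptions; `-addext` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: key and CSR generation for a standalone Tomcat server.
# The host name and subject fields are constructed placeholders.

# make_csr DIR HOST: write DIR/server.key and DIR/server.csr
make_csr() {
    # umask 077 in a subshell so the key is never readable by other users
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 ) 2>/dev/null \
        || return 1
    # The host name goes into both CN and subjectAltName; browsers match
    # the name they connect to against the names in the certificate.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/O=Example Org/CN=$2" \
        -addext "subjectAltName=DNS:$2" || return 1
}

# csr_matches_key KEY CSR: succeed only if the CSR carries the public key
# that belongs to KEY (catches submitting a CSR built from another key).
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$csr_pub" ]
}

# Usage: sh make_csr.sh DIR HOST
if [ "$#" -eq 2 ]; then
    make_csr "$1" "$2" && csr_matches_key "$1/server.key" "$1/server.csr" \
        && openssl req -in "$1/server.csr" -noout -subject
fi
```

Only `server.csr` is sent to the Certificate Authority; `server.key` stays on the server.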


Installing the Certificate Files on the AppBoard/enPortal Server

Install the private key generated by the openssl tool. Copy the server.key file to the following location on your AppBoard/enPortal server:

/server/conf/ssl.key/

When your Certificate Authority provides you with a signed certificate, copy the file to the following location on your AppBoard/enPortal server:

/server/conf/ssl.crt/

Note: You must restart the enPortal web server after installing these files.


Creating Intermediate CA Certs

An intermediate certificate is a certificate that sits between your site (server) certificate and a root certificate. One or more intermediate certificates complete the chain to a root certificate trusted by the browser.

Using an intermediate certificate means that you must complete an additional step in the installation process to enable your site certificate to be chained to the trusted root, and not show errors in the browser when someone visits your web site.

For instructions on the process of creating Intermediate CA Certs, please see the Intermediate CA Certs page.