Appboard/old/ssl certificate
Creating a Secure AppBoard/enPortal Server
AppBoard/enPortal is distributed with an invalid dummy SSL certificate for its Tomcat web server. This allows the system to function, but the client web browser will warn the user if one or more issues are identified with regard to the web server certificate:
- The certificate has expired.
- The certificate is not applicable to the server.
- The certificate is not signed by an authorized Certificate Authority.
Selecting a Certificate Authority
A certificate for your web server must be signed by a Certificate Authority that is trusted by your web browser. There are many such authorities and most provide detailed assistance for obtaining a signed server certificate. When selecting an authority, be aware of the following points:
- You need to obtain a signed Apache mod_ssl server certificate.
- You may need to provide physical documentation to the Authority to establish proof of identity.
- You need to renew certificates periodically (at least every 2 years). Renewal activities are typically less involved than origination activities.
Generating a Certificate Signing Request (CSR)
If you are running Tomcat behind another web server, such as Apache or Microsoft IIS, you need to configure the primary web server to handle the SSL connections from users. This primary server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests.
In order to configure Tomcat standalone for SSL support, you need to create (or import) an SSL certificate. An OpenSSL utility is used to generate Certificate Signing Requests (CSRs) and certificates. Download the OpenSSL utility and generate a CSR. You must then submit the CSR to your Certificate Authority.
Installing the Certificate Files on the AppBoard/enPortal Server
Install the private key generated by the openssl tool. Copy the server.key file to the following location on your AppBoard/enPortal server:
/server/conf/ssl.key/
When your Certificate Authority provides you with a signed certificate, copy the file to the following location on your AppBoard/enPortal server:
/server/conf/ssl.crt/
Creating Intermediate CA Certs
An intermediate certificate is the certificate, or certificates, that go between your site (server) certificate and a root certificate. The intermediate certificate, or certificates, completes the chain to a root certificate trusted by the browser.
Using an intermediate certificate means that you must complete an additional step in the installation process to enable your site certificate to be chained to the trusted root, and not show errors in the browser when someone visits your web site.
For instructions on the process of creating Intermediate CA Certs, please see the Intermediate CA Certs page.
Configuring AppBoard/enPortal for HTTPS
Perform the following steps to configure AppBoard/enPortal to use your SSL certificate and run under HTTPS:
- Open the file /server/bin/setenv-custom.bat
- Uncomment the following lines:
- set HTTP_PORT=443
- set HTTP_SSL=true