Introduction
The Forum Sentry License Server uses Jetty for web-based administration. The site uses TLSv1.2 (HTTPS) with a default SSL key pair. Web browsers may show warnings and errors because of the SSL certificate installed by default with the License Server.
This article explains how to use custom SSL certificates with the License Server.
Note that the certificates are not imported through the License Server interface, so access to the host OS with root privileges is required.
Overview
There are 4 main steps to configure the License Server to use custom SSL certificates:
1. Create a JKS with alias "jetty" to use with the License Server.
2. Modify the etc/jetty-ssl-context.xml file to use the correct key store password and key password.
3. Restart the License Server service.
More Details
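1. Create a JKS from a P12 file. This step uses the keytool command to create a new JKS keystore from a P12 key pair and store the entry under a new alias named "jetty". The example passes the passwords as options; if those options are omitted, keytool prompts for the passwords it needs, which keeps them out of the shell history and process list.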
Example:
keytool -importkeystore -srckeystore P12_FILENAME_HERE.p12 -destkeystore JKS_FILENAME_HERE.jks -srcstoretype PKCS12 -deststoretype jks -srcstorepass PASSWORD_HERE -deststorepass PASSWORD_HERE -srcalias 1 -destalias jetty -srckeypass PASSWORD_HERE -destkeypass PASSWORD_HERE
2. Copy the new JKS file to the following location: /root/ForumSystems/LicenseServer/etc
3. Modify the /root/ForumSystems/LicenseServer/etc/jetty-ssl-context.xml file in 3 places:
a. KeyStorePath - reference the new jks file
b. KeyStorePassword - password for the jks
c. KeyManagerPassword - key password for the "jetty" entry in the jks
** It is recommended that you back up this file before editing it.
4. Restart the License Server: systemctl restart license-server
5. Test the License Server web admin interface and verify the new SSL certs are in use.
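One way to carry out the check in step 5, as an added example (not Forum Systems' own tooling): it compares the SHA-256 fingerprint of the certificate under alias "jetty" in the new JKS with the one the running server presents. The function names and the HOST:PORT argument are assumptions; the page does not state the admin port.

```shell
#!/bin/sh
# Added example: check that Jetty now serves the certificate stored under
# alias "jetty" in the new keystore, by comparing SHA-256 fingerprints.
# Usage (arguments are assumptions; the page does not state the admin port):
#   verify_served_cert /root/ForumSystems/LicenseServer/etc/JKS_FILENAME_HERE.jks HOST:PORT

# Normalize a fingerprint: drop any "label=" prefix and colons, upper-case hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both fingerprints are non-empty and identical.
fp_equal() {
    a=$(norm_fp "$1")
    b=$(norm_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the first PEM certificate on stdin.
pem_fp() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Certificate under alias "jetty"; with no -storepass given, keytool asks for
# the keystore password rather than taking it on the command line.
keystore_fp() {
    keytool -exportcert -rfc -alias jetty -keystore "$1" | pem_fp
}

# Leaf certificate the running server presents on HOST:PORT.
served_fp() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | pem_fp
}

verify_served_cert() {
    ks=$(keystore_fp "$1") || true
    sv=$(served_fp "$2") || true
    if [ -z "$ks" ]; then
        echo "no certificate under alias jetty in $1" >&2; return 2
    fi
    if [ -z "$sv" ]; then
        echo "no certificate received from $2" >&2; return 2
    fi
    if fp_equal "$ks" "$sv"; then
        echo "OK: server presents the keystore certificate"
    else
        echo "MISMATCH: server presents a different certificate" >&2; return 1
    fi
}
```

A return code of 1 after the restart means the server is still presenting a different certificate, which usually points back to the KeyStorePath value edited in step 3.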
For more information on Jetty please see:
https://www.eclipse.org/jetty/documentation.php