Introduction

The TLS protection of the Soffid IAM Console is applied through the configuration of the Apache TomEE embedded in the installation.

...

Once you have the Console installed and your certificate in jks format, you can follow these steps to configure it for the first time or to update it.

Keep in mind that network encryption is still often referred to as SSL; in fact, the configuration file still uses the word SSL. However, the SSL protocol is now outdated, and TLSv1.2 is used instead.

Configuration

This is the file where the TLS configuration must be placed.

Code Block
/opt/soffid/iam-console-2/conf/server.xml


The TLS configuration is included in the following XML entity.

Code Block
<!-- xpoweredBy and server are Connector attributes; Tomcat does not read them on Certificate -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           xpoweredBy="false"
           server="Apache TomEE">
   <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/yourdomain.jks"
                   certificateKeystorePassword="123456"
                   certificateKeyAlias="yourdomain"
                   type="RSA" />
   </SSLHostConfig>
</Connector>


These are the attributes that you have to configure.

| Attribute | Comment |
| --- | --- |
| port | You can choose the standard 443 or another custom port |
| certificateKeystoreFile | By default the path starts from /opt/soffid/iam-console-2/ (the installation directory) |
| certificateKeystorePassword | The password used to encrypt the jks file |
| certificateKeyAlias | The alias to identify your key and certificate |


Copy or replace your jks file into this directory.
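As an added example (not part of the Soffid documentation), this Python check reads a server.xml and reports problems with the TLS Connector attributes described above. The function name, the password deny-list, the file-permission check and the embedded sample configuration are assumptions made for the illustration.

```python
import os
import xml.etree.ElementTree as ET

INSTALL_DIR = "/opt/soffid/iam-console-2"   # installation directory named on the page
CONNECTOR_ONLY = {"xpoweredBy", "server"}   # Tomcat reads these on <Connector> only
WEAK_PASSWORDS = {"", "123456", "changeit", "password"}  # constructed deny-list

# Constructed sample input; xpoweredBy is deliberately misplaced on <Certificate>.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"/>
<Connector port="443" SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11NioProtocol">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/yourdomain.jks"
                 certificateKeystorePassword="123456"
                 certificateKeyAlias="yourdomain" type="RSA" xpoweredBy="false"/>
  </SSLHostConfig>
</Connector>
</Service></Server>"""

def audit_server_xml(xml_text, install_dir=INSTALL_DIR):
    """Return (tls_ports, findings) for the TLS connectors in a server.xml."""
    ports, findings = [], []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        ports.append(port)
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "no-certificate", "SSLEnabled without <Certificate>"))
        for cert in certs:
            path = cert.get("certificateKeystoreFile", "")
            full = os.path.normpath(os.path.join(install_dir, path))  # relative to install dir
            if not os.path.isfile(full):
                findings.append((port, "keystore-missing", full))
            elif os.stat(full).st_mode & 0o077:  # private key readable by group/others
                findings.append((port, "keystore-permissions", full))
            if cert.get("certificateKeystorePassword", "") in WEAK_PASSWORDS:
                findings.append((port, "weak-password", "placeholder or default password"))
            if not cert.get("certificateKeyAlias"):
                findings.append((port, "no-alias", "certificateKeyAlias not set"))
            for name in sorted(CONNECTOR_ONLY & set(cert.attrib)):
                findings.append((port, "misplaced-attribute", name))
    return ports, findings

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE)[1]:
        print(*finding)
```

To check a real installation, pass the contents of /opt/soffid/iam-console-2/conf/server.xml to `audit_server_xml` instead of `SAMPLE`.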

...

Code Block
/opt/soffid/iam-console-2/logs/soffid-YYYY-MM-DD.log


Load a PKCS#12 (.PFX) file

There are many standard ways to store and transfer private keys and certificates, but the most common one is the PKCS#12 format. Its main advantage is that it contains, in a single file, both the private key and the public certificate.

...

Code Block
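# keytool accepts -destalias only together with -srcalias (the alias of the entry inside the PFX)
keytool -v -importkeystore -srckeystore <YOUR_FILE.PFX> -srcstoretype PKCS12 -srcalias <ALIAS_IN_PFX> -destkeystore /opt/soffid/iam-console-2/conf/yourdomain.jks -destalias yourdomain -deststoretype JKS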

Next, you will be asked for the PFX encryption password. It must be provided to you along with the PFX file.

...