The TLS protection of Soffid IAM Console is applied through the configuration of the Apache TomEE embedded in the installation.
Once you have the Console installed and your certificate in JKS format, you can follow these steps to configure it for the first time or to update it.
Mind that the network encryption protocol is sometimes still called SSL; in fact, the configuration file still displays the word SSL. However, the SSL protocol is now outdated, and TLSv1.2 is used instead.
This is the file where the TLS configuration must be placed.
The TLS configuration is included in the following XML entity.
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/yourdomain.jks"
                     certificateKeystorePassword="123456"
                     certificateKeyAlias="yourdomain"
                     type="RSA" xpoweredBy="false" server="Apache TomEE" />
    </SSLHostConfig>
</Connector>
These are the attributes that you have to configure.
|port||You can choose the standard 443 or another custom port|
|certificateKeystoreFile||By default, the path is relative to /opt/soffid/iam-console-2/ (the installation directory)|
|certificateKeystorePassword||The password used to encrypt the jks file|
|certificateKeyAlias||The alias that identifies your key and certificate|
Copy or replace your jks file into this directory.
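A quick check of the attributes described above, as an added example that is not part of the Soffid documentation: it parses a connector configuration, resolves certificateKeystoreFile against the installation directory, and reports a missing keystore, a missing alias, or the sample password 123456 left in place. The sample XML is constructed from the snippet on this page, and the function name audit_connectors is hypothetical.

```python
import os
import xml.etree.ElementTree as ET

INSTALL_DIR = "/opt/soffid/iam-console-2"  # installation directory named on this page
SAMPLE_PASSWORD = "123456"                 # placeholder password from the page's snippet

# Constructed sample: the page's Connector inside a minimal server skeleton (assumption).
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/yourdomain.jks"
                   certificateKeystorePassword="123456"
                   certificateKeyAlias="yourdomain" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def audit_connectors(xml_text, install_dir=INSTALL_DIR, exists=os.path.isfile):
    """Return (certificates, findings) for every connector with SSLEnabled="true"."""
    certificates, findings, tls_seen = [], [], False
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        tls_seen, port = True, conn.get("port")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {port}: SSLEnabled but no <Certificate> element")
        for cert in certs:
            rel = cert.get("certificateKeystoreFile", "")
            # Relative paths start from the installation directory.
            path = rel if os.path.isabs(rel) else os.path.join(install_dir, rel)
            alias = cert.get("certificateKeyAlias")
            certificates.append({"port": port, "keystore": path, "alias": alias})
            if not exists(path):
                findings.append(f"port {port}: keystore not found at {path}")
            if cert.get("certificateKeystorePassword") == SAMPLE_PASSWORD:
                findings.append(f"port {port}: keystore password is still the sample value")
            if not alias:
                findings.append(f"port {port}: certificateKeyAlias is not set")
    if not tls_seen:
        findings.append("no connector with SSLEnabled=\"true\" found")
    return certificates, findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_XML)[1]:
        print(finding)
```

To check a real installation, pass the contents of the file that holds the Connector entity instead of SAMPLE_XML.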
Load a PKCS#12 (.PFX) file
There are many standard ways to store and transfer private keys and certificates, but the most common one is the PKCS#12 format. Its main advantage is that it contains, in a single file, both the private key and the public certificate.
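keytool -v -importkeystore -srckeystore <YOUR_FILE.PFX> -srcstoretype PKCS12 -srcalias <ALIAS_IN_PFX> -destkeystore /opt/soffid/iam-console-2/conf/yourdomain.jks -destalias yourdomain -deststoretype JKS
Replace <ALIAS_IN_PFX> with the alias of the key entry inside the PFX file; keytool accepts -destalias only when a single entry is selected with -srcalias.
Next, you will be asked for the PFX encryption password. It must be provided to you along with the PFX file.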