Install SSL cert for UIS URL link

2021-12-22 23:33:26 Published

Network Topology

Null


Problem Description

Customers want to install an SSL certificate for the UIS URL link because they consider the HTTP protocol unsafe. They need to use the HTTPS protocol, and they want port 8080, which is used for HTTP, to be disabled.


Process Analysis

UIS HCI uses tomcat8, so the certificate must be in .jks format. The customer can only provide the certificate in .crt format, so it has to be converted before it is installed on the server. To disable port 8080, modify server.xml in the tomcat8 conf directory.

Solution

Install the certificate for UIS HCI:

1. Upload the certificate (server.crt) and key file (server.key) provided by the certificate provider to the conf directory of Tomcat (/var/lib/tomcat8/conf).


2. Execute the following commands in the Tomcat conf directory

(1) Generate the p12 certificate (password required)

# openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name server

(2) Generate the jks file from the p12 certificate (it includes the key and certificate information; you need to enter the p12 certificate password and set the jks password)

# keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore server.jks


3. Configure the SSL certificate in tomcat8

Modify the conf/server.xml configuration file, for example:

<!-- Plain HTTP connector; requests that require TLS are redirected to 8443 -->
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- HTTPS connector using the keystore created in step 2 -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/server.jks"
           keystorePass="password which you set"/>


Note: Make the same server.xml change on the other CVM, and do not forget to upload the .jks file created in step 2 to the other CVM.


4. Disable port 8080 (do this on all CVMs)

Modify the conf/server.xml configuration file, for example:

Delete the <Connector port="8080"> element, as shown in the figure:


5. Restart tomcat8

After completing all the above steps, restart the tomcat8 service with the following command:

# service tomcat8 restart
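
An added check, not part of the original case: since steps 3 and 4 must be repeated by hand on every CVM, the following Python example parses a server.xml and reports whether the port 8080 connector is gone and the HTTPS connector carries the attributes from step 3. The function name audit_server_xml and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml after step 3, but with the 8080 connector
# still in place (step 4 was skipped on this hypothetical CVM).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/server.jks" keystorePass="example-only" />
</Service></Server>"""


def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings, tls_ports, plain = [], set(), []
    # XML comments are ignored by the parser, so a commented-out connector
    # counts as removed.
    for c in ET.fromstring(xml_text).iter("Connector"):
        port = c.get("port")
        if c.get("SSLEnabled", "").lower() == "true":
            tls_ports.add(port)
            for attr, want in (("scheme", "https"), ("secure", "true")):
                if c.get(attr) != want:
                    findings.append(f"port {port}: {attr} should be {want!r}")
            if not c.get("keystoreFile", "").endswith(".jks"):
                findings.append(f"port {port}: keystoreFile is not a .jks file")
        elif not c.get("protocol", "HTTP/1.1").startswith("AJP"):
            plain.append(c)
    if not tls_ports:
        findings.append('no Connector with SSLEnabled="true"')
    for c in plain:
        if c.get("port") == "8080":
            findings.append("plain HTTP Connector on port 8080 is still present")
        # Tomcat's default redirectPort is 443 when the attribute is absent.
        if c.get("redirectPort", "443") not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort does not point at a TLS connector")
    return findings


if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE) or ["OK"]:
        print(line)
```

To check a real node, pass the contents of /var/lib/tomcat8/conf/server.xml to audit_server_xml on each CVM before restarting tomcat8.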

