Ask the Community
Groups
On-Premise: Configuring SSL using PFX file. - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>QUESTION:</strong></p> <p>How do I configure or change the SSL certificate using PFX file?</p> <p><strong>SOLUTION:</strong></p> <p>A Java KeyStore (JKS) is a repository of security certificates and the private keys, used for instance in SSL encryption.</p> <ul><li>The password used to create the 'keystore' file <strong>must not contain</strong> any special characters. Otherwise, the Web Application will be unable to load the file.</li> <li>Rename or move the existing keystore located at <TRAVERSE_HOME>/plugin/web/webapp.keystore</li> </ul><p><strong>Configuring SSL for the Web Application using PFX file:</strong></p> <ul><li>The application server (Apache Tomcat) used by Traverse uses a JKS format keystore. <br><br></li> <li>Create a keystore using below command.</li> </ul><pre class="code codeBlock" spellcheck="false" tabindex="0"><em> "TRAVERSE_HOME\</em>apps\jre\bin\keytool" -importkeystore -srckeystore "xxxxxxxxx.pfx" -srcstoretype pkcs12 -destkeystore "<em><TRAVERSE_HOME>\plugin\web\</em>webapp.keystore" -deststoretype JKS -deststorepass changeit</pre> <p><em><strong> srckeystore</strong> - </em>use the PFX file name, including it's location e.g C:/Program Files/Certificates/****.pfx<br><em><strong> source Keystore password- </strong></em>password of PFX file</p> <ul><li>List the webapp.keystore:</li> </ul><p> Scroll to the top of output and copy the alias name.</p> <pre class="code codeBlock" spellcheck="false" tabindex="0"><em> "TRAVERSE_HOME\</em>apps\jre\bin\keytool" -list -storepass changeit -keystore <em> "TRAVERSE_HOME\plugin\web\</em>webapp.keystore" -v</pre> <ul dir="auto"><li>Change the alias key password to the Traverse default value of 'changeit':<strong> </strong> </li> </ul><p><strong> alias: </strong>use the alias name from the listed output.<br><strong><em> alias password</em></strong>: Use PFX password<br><strong><em> New alias password</em></strong>: It should be "changeit"</p> <pre class="code codeBlock" spellcheck="false" tabindex="0"><em> "TRAVERSE_HOME\</em>apps\jre\bin\keytool" -keypasswd -alias xxxxxxx -keystore <em> "TRAVERSE_HOME\plugin\web\</em>webapp.keystore" -storepass changeit</pre> <ul dir="auto"><li>Change the alias name: </li> </ul><p> <strong>alias:</strong> use the alias name from the listed output.</p> <pre class="code codeBlock" spellcheck="false" tabindex="0"> "<em>TRAVERSE_HOME\</em>apps\jre\bin\keytool" -changealias -alias xxxxxxx -destalias tomcat -storepass changeit -keystore "<em><TRAVERSE_HOME>\plugin\web\</em>webapp.keystore" <br><br></pre> <ul dir="auto"><li>Verify the alias name "<em><strong>tomcat</strong></em>" in webapp.keystore:</li> </ul><pre class="code codeBlock" spellcheck="false" tabindex="0"><em> "TRAVERSE_HOME\</em>apps\jre\bin\keytool" -list -storepass changeit -keystore "<em>TRAVERSE_HOME\plugin\web\</em>webapp.keystore" -v<br></pre> <ul dir="auto"><li>Note that the password matches the Traverse default defined in Traverse_home\app\tomcat\conf\server.xml:</li> </ul><pre class="code codeBlock" spellcheck="false" tabindex="0"> keystorePass="changeit" keystoreFile="../../plugin/web/webapp.keystore"<br><br></pre> <ul dir="auto"><li>Restart the traverse webapp <br><br></li> <li>Access the webpage using the <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Ffqdn%2F" rel="noreferrer nofollow">https://FQDN</a> </li> </ul><p><br><br><br><br></p> <p><strong>RELATED ARTICLES:</strong></p> <p><a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/articles/229042488">Configuration - On-Premise - Configuring SSL for the Web Application</a></p> </article> </main>