Configuration HTTPS/SSL
  • 24 Nov 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Configuration HTTPS/SSL

  • Dark
    Light
  • PDF

Article summary

Here is the procedure for installing the SSL certificate on the application server.
Alternatively, the certificate can be installed on a proxy server fronting Constellio.


Creating the keystore.jks file

Create a keystore.jks file (Java format for the key manager)
**Here is an example procedure (including the creation of the CSR)
Note that you will need to add "-ext san=dns:www.exemple.com " or "-ext san=ip:10.0.1" with keytool command lines (with -genkey and -certreq) to ensure that the certificate is Chrome compliant.
Ex: keytool -genkey - alias mydomain -keystore keystore.jks keysize 2048 - ext san=dns:www.example.com
And
Ex: keytool -certreq - alias mydomain - keystrore keystore.jks - file mydomain - ext san=dns:www.exemple.com 


Installing the keystore.jks file

Go to the Constellio installation list /opt/constellio
In the folder /opt/constellio/conf/ copy the keystore.jks file (watch out for the lowercase box)

In the /opt/constellio/conf/constellio.properties file change (with the keystore password): 

Remove line (if it exists):
server.port=8080

Add (change password):

#SSL
server.ssl=true
server.keystorePassword=zzzzzz
server.port=8443


Firewall

sudo firewall-cmd --list-all

Validate if port 443 is open and redirected to 8443: 

If not, enter the following commands: 

sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --zone-=public--permanent --add-forward-port=port=443:proto=tcp:toport+8443

sudo firewall-cmd --zone=public --permanent --add-masquerade
sudo firewall-cmd --reload


Restarting Constellio

sudo systemctl restart constellio




Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.