- 24 Nov 2022
Configuration HTTPS/SSL
- Updated on 24 Nov 2022
Here is the procedure for installing the SSL certificate on the application server.
Alternatively, the certificate can be installed on a proxy server fronting Constellio.
Creating the keystore.jks file
Create a keystore.jks file (Java keystore format, used by the key manager).
Here is an example procedure (including the creation of the CSR).
Note that you will need to add "-ext san=dns:www.example.com" or "-ext san=ip:10.0.1" to the keytool command lines (both -genkey and -certreq) to ensure that the certificate is Chrome compliant.
Ex: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 -ext san=dns:www.example.com
And
Ex: keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain -ext san=dns:www.example.com
Installing the keystore.jks file
Go to the Constellio installation directory /opt/constellio
Copy the keystore.jks file into the /opt/constellio/conf/ folder (the file name must be all lowercase)
In the /opt/constellio/conf/constellio.properties file, make the following changes (using the keystore password):
Remove the line (if it exists):
server.port=8080
Add (change password):
#SSL
server.ssl=true
server.keystorePassword=zzzzzz
server.port=8443
Firewall
Validate if port 443 is open and redirected to 8443:
sudo firewall-cmd --list-all
If not, enter the following commands:
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --zone=public --permanent --add-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --zone=public --permanent --add-masquerade
sudo firewall-cmd --reload
Restarting Constellio
sudo systemctl restart constellio
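The configuration steps above can be checked before the restart. The following script is an added example, not part of the original page or of Constellio: check_constellio_ssl is a hypothetical helper name, and the file-permission check is an added assumption based on the keystore password being stored in clear text in constellio.properties.

```shell
#!/usr/bin/env bash
# Added example, not a Constellio tool: check_constellio_ssl is a hypothetical
# helper that lints the conf directory against the steps on this page.
check_constellio_ssl() {
    conf_dir=${1:-/opt/constellio/conf}
    props="$conf_dir/constellio.properties"
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    # Value of the last uncommented key=value line for key $1 (empty if absent).
    prop() {
        awk -v k="$1" 'index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key == k) v = substr($0, index($0, "=") + 1)
        } END { gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v }' "$props"
    }
    [ -f "$props" ] || { echo "FAIL: $props not found"; return 2; }

    # The old HTTP port line must be removed, not merely overridden.
    if grep -Eq '^[[:space:]]*server\.port[[:space:]]*=[[:space:]]*8080[[:space:]]*$' "$props"; then
        fail "server.port=8080 is still present"
    fi
    [ "$(prop server.ssl)" = "true" ] || fail "server.ssl is not true"
    [ "$(prop server.port)" = "8443" ] || fail "server.port is not 8443"
    pw=$(prop server.keystorePassword)
    [ -n "$pw" ] || fail "server.keystorePassword is missing"
    [ "$pw" != "zzzzzz" ] || fail "server.keystorePassword is still the placeholder"

    # The file name is case-sensitive: compare against the real directory entry.
    if ls "$conf_dir" | grep -qx 'keystore\.jks'; then
        ks="$conf_dir/keystore.jks"
    else
        ks=""; fail "no file named exactly keystore.jks (lowercase) in $conf_dir"
    fi
    # Assumption (not from the page): the password is stored in clear text, so
    # neither file should be readable by other local users.
    for f in "$props" ${ks:+"$ks"}; do
        [ -z "$(find "$f" -prune -perm -004)" ] || fail "$f is world-readable"
    done
    return "$rc"
}
```

Call it as check_constellio_ssl /opt/constellio/conf; an exit status of 0 means every check passed.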