Configuration HTTPS/SSL

Here is the procedure for installing the SSL certificate on the application server.
Alternatively, the certificate can be installed on a proxy server fronting Constellio.

Creating the keystore.jks file

Create a keystore.jks file (Java format for the key manager)
**Here is an example procedure (including the creation of the CSR)
Note that you will need to add "-ext san=dns:www.exemple.com " or "-ext san=ip:10.0.1" with keytool command lines (with -genkey and -certreq) to ensure that the certificate is Chrome compliant.
Ex: keytool -genkey - alias mydomain -keystore keystore.jks keysize 2048 - ext san=dns:www.example.com
And
Ex: keytool -certreq - alias mydomain - keystrore keystore.jks - file mydomain - ext san=dns:www.exemple.com 

Installing the keystore.jks file

Go to the Constellio installation list /opt/constellio
In the folder /opt/constellio/conf/ copy the keystore.jks file (watch out for the lowercase box)

In the /opt/constellio/conf/constellio.properties file change (with the keystore password): 

Remove line (if it exists):
server.port=8080

Add (change password):

#SSL
server.ssl=true
server.keystorePassword=zzzzzz
server.port=8443

Firewall

sudo firewall-cmd --list-all

Validate if port 443 is open and redirected to 8443: 

If not, enter the following commands: 

sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --zone-=public--permanent --add-forward-port=port=443:proto=tcp:toport+8443

sudo firewall-cmd --zone=public --permanent --add-masquerade
sudo firewall-cmd --reload

Restarting Constellio

sudo systemctl restart constellio