Running Ambience/Repertoire 202x in HTTPS mode using PKCS12

This entry guides you through the steps to configure Ambience/Repertoire 202x to run in HTTPS mode using PKCS12 keystore.

Prerequisites: Verify that OpenSSL installed on the system. For windows you can get it from Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions 3

  1. Generate a Self-Signed Certificate and Private Key

    Use OpenSSL to generate a private key and a self-signed certificate:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private-key.pem -out certificate.pem

During the certificate generation, you’ll be prompted to provide information such as your country, organization, and common name.

  1. Create a PKCS12 Keystore

    Combine the private key and certificate into a PKCS12 keystore:

openssl pkcs12 -export -out keystore.p12 -inkey private-key.pem -in certificate.pem -name aliasname

*Replace the aliasname with the name that you preferred for the key entry

You will be prompted to set a password for the PKCS12 keystore. It will then created a PKCS12 keystore file name “keystore.p12

  1. Import PKCS12 Keystore into Java Truststore

    Use keytool to import the PKCS12 keystore into the Java truststore:

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -destkeystore “$JAVA_HOME/lib/security/cacerts”

*Replace $JAVA_HOME with the path to your Java installation directory.

  1. Once done, park the created keystore (i.e. keystore.p12) over in the following directory \etc\https

    Note: The https folder needs to be created manually

  2. Open up the etc\application.conf file and revise the necessary parts as bolded below:

  1. Save the etc/application.conf file and restart the Ambience server.

  2. Go to web browser and type https://localhost:1740 (depending on port number configured)