This entry guides you through the steps to configure Ambience/Repertoire 202x to run in HTTPS mode using PKCS12 keystore.
Prerequisites: Verify that OpenSSL installed on the system. For windows you can get it from Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions 3
-
Generate a Self-Signed Certificate and Private Key
Use OpenSSL to generate a private key and a self-signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private-key.pem -out certificate.pem
During the certificate generation, you’ll be prompted to provide information such as your country, organization, and common name.
-
Create a PKCS12 Keystore
Combine the private key and certificate into a PKCS12 keystore:
openssl pkcs12 -export -out keystore.p12 -inkey private-key.pem -in certificate.pem -name aliasname
*Replace the aliasname with the name that you preferred for the key entry
You will be prompted to set a password for the PKCS12 keystore. It will then created a PKCS12 keystore file name “keystore.p12”
-
Import PKCS12 Keystore into Java Truststore
Use keytool to import the PKCS12 keystore into the Java truststore:
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -destkeystore “$JAVA_HOME/lib/security/cacerts”
*Replace $JAVA_HOME with the path to your Java installation directory.
-
Once done, park the created keystore (i.e. keystore.p12) over in the following directory \etc\https
Note: The https folder needs to be created manually
-
Open up the etc\application.conf file and revise the necessary parts as bolded below:
-
Save the etc/application.conf file and restart the Ambience server.
-
Go to web browser and type https://localhost:1740 (depending on port number configured)