Skip to main content

How to apply SSL certificate

AIV application can be installed in local machine as well as on server machine. generally it is suggested to install aiv on the server machine for centralized access of application over the network. By doing so any user having access of aiv can access the application through browser over the network.

Objective

Objective of this document is to guide user on how to setup SSL certificate in AIV.

Prerequisites

  • SSL certificate for Tomcat server (it should be in .pfx file format).

  • Password file for SSL certificate.

If application is installed for personal use, you can install aiv in local machine and it will work for a single user.

info

Any user connected on the same network can access the application by using IP address of host machine instead of localhost and rest of the URL as it is.

For example, Host machine has aiv installed and having machine IP address of 192.168.0.1. Now any user connected on the same network as host machine connected can access aiv by using this IP address of host machine. Locally aiv is accessed by writing http://localhost:port_number/aiv and remote user can access aiv by http://192.168.0.1:port_number/aiv

But in other scenario, if there is requirement in an organization that any user within organization should access the application from browser, you need to provide SSL certificate for aiv. SSL certificate for tomcat server can be generated by IT department of organization.

In this document we will describe how to configure SSL certificate with aiv and in what format aiv accepts SSL certificate.

danger

SSL certificate should be generated for Tomcat Server as aiv application is hosted on Tomcat Server

Steps to apply SSL certificate

Follow these steps once you have all prerequisite files ready and to link SSL certificate with aiv;

danger

Please take a backup of server.xml file before making any changes

  1. Place all dependecy files mentioned in prerequisite in to (your_directory)/aiv/tomcat/conf folder.

  2. Inside this folder you will see server.xml file. open this file in to any text editor to make changes

  3. In server.xml file you will find SSLHostConfig property somewhere which is commented by default. refer below image for your reference,

    Docusaurus Slash Introduction

  4. Un-comment this code snippet in this file and replace with property as gievn below;

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/certificate_name.pfx"
keystoreType="PKCS12"
keystorePass="certificate_password_hare" />

Field to be updated

In above property following fields need to be updated to apply your SSL certificate,

  • port: provide port number by which certificate is binded. (Generally this info is provided along with certificate by IT person)

  • keystoreFile: you will have .pfx file of your certificate in (your_directory)/aiv/tomcat/conf folder. just provide name of certificate provided to you in this property after conf/ path.

  • keystorePass: you will be provided a password for this certificate. write that password here

    Keep all other settings as it is as shown in above code snippet.

  1. Save this file and restart tomcat server to reflect the changes.

  2. Once server is started successfully, try to access aiv with domain name & port number provided in certificate from outside of the server machine.

info

If aiv is not accessed from outside of server machine with the domain name provided, try to access with server ip address instead of domain name provided.

Still if you are unable to access application, verify certificate bindings and validate certificate path provided in server.xml file is correct or not.