How to apply SSL certificate
AIV application can be installed in local machine as well as on server machine. generally it is suggested to install aiv on the server machine for centralized access of application over the network. By doing so any user having access of aiv can access the application through browser over the network.
Objective
Objective of this document is to guide user on how to setup SSL certificate in AIV.
Prerequisites
SSL certificate for Tomcat server (it should be in .pfx file format).
Password file for SSL certificate.
If application is installed for personal use, you can install aiv in local machine and it will work for a single user.
Any user connected on the same network can access the application by using IP address of host machine instead of localhost
and rest of the URL as it is.
For example, Host machine has aiv installed and having machine IP address of 192.168.0.1
. Now any user connected on the same network as host machine connected can access aiv by using this IP address of host machine. Locally aiv is accessed by writing http://localhost:port_number/aiv
and remote user can access aiv by http://192.168.0.1:port_number/aiv
But in other scenario, if there is requirement in an organization that any user within organization should access the application from browser, you need to provide SSL certificate for aiv. SSL certificate for tomcat server can be generated by IT department of organization.
In this document we will describe how to configure SSL certificate with aiv and in what format aiv accepts SSL certificate.
SSL certificate should be generated for Tomcat Server as aiv application is hosted on Tomcat Server
Steps to apply SSL certificate
Follow these steps once you have all prerequisite files ready and to link SSL certificate with aiv;
Please take a backup of server.xml file before making any changes
Place all dependecy files mentioned in prerequisite in to
(your_directory)/aiv/tomcat/conf
folder.Inside this folder you will see
server.xml
file. open this file in to any text editor to make changesIn
server.xml
file you will findSSLHostConfig
property somewhere which is commented by default. refer below image for your reference,Un-comment this code snippet in this file and replace with property as gievn below;
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/certificate_name.pfx"
keystoreType="PKCS12"
keystorePass="certificate_password_hare" />
Field to be updated
In above property following fields need to be updated to apply your SSL certificate,
port: provide port number by which certificate is binded. (Generally this info is provided along with certificate by IT person)
keystoreFile: you will have .pfx file of your certificate in
(your_directory)/aiv/tomcat/conf
folder. just provide name of certificate provided to you in this property afterconf/
path.keystorePass: you will be provided a password for this certificate. write that password here
Keep all other settings as it is as shown in above code snippet.
Save this file and restart tomcat server to reflect the changes.
Once server is started successfully, try to access aiv with domain name & port number provided in certificate from outside of the server machine.
If aiv is not accessed from outside of server machine with the domain name provided, try to access with server ip address instead of domain name provided.
Still if you are unable to access application, verify certificate bindings and validate certificate path provided in server.xml file is correct or not.