Configure SSL on campusM Connect Layer

• Product: campusM
• Operating system: iOS, Android,Web

1) Make sure you have a separate file for the server key, server certificate as well as each certfificate in the CA chain, for example:
1) certificate.key
2) certificate.crt
3) ca1.crt
4) root.crt

If need be, copy each individual certificate in the CA chain to a new file

2) convert the base64 encoded keyfile and certificate file to .p12 file
openssl pkcs12 -export -out keyStore.p12 -inkey certificate.key -in certificate.crt

Provide a password to the P12 file
Enter Export Password: changeit
Verifying - Enter Export Password: changeit

3) Create a JKS file with the server key and certificate files
keytool -importkeystore -srckeystore keyStore.p12 -destkeystore certificate.jks -srcstoretype pkcs12

Provide the password to the p12 file as well as the newly created jks file:
Importing keystore keyStore.p12 to certificate.jks...
Enter destination keystore password:  changeit
Re-enter new password: changeit
Enter source keystore password:  changeit
Entry for alias 1 successfully imported.

4) Import CA certificate files into the JKS

keytool -import -alias a -file ca1.crt -storepass changeit -keystore certificate.jks -noprompt -trustcacerts

keytool -import -alias b -file root.crt -storepass changeit -keystore certificate.jks -noprompt -trustcacerts

5) Modify the tomcat_home/conf/server.xml file and add the jks to the SSL enabled connector, for example:

<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/tomcat/conf/certificate.jks" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

• Article last edited: 20-Jan-2021