Hi
Eystein,
The customer should provide .key and .crt files related to GMS server in which .crt is signed by any third party SSL verifier.
After you obtain the .crt and .key file Please follow below steps
1. Download <g class="gr_ gr_43 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="43" data-gr-id="43">openssl</g> library
2. Extract attached <g class="gr_ gr_45 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="45" data-gr-id="45">rar</g> package to directory <g class="gr_ gr_247 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="247" data-gr-id="247">openssl
</g>3. Open Command Prompt with admin privileges
4. Navigate to openssl>bin
5. type below command
openssl pkcs12 -export -name servercert -in <Certificate Name.crt> -inkey <Certificate Key.key> -out keystore.p12 -- It will ask for password, enter any password
6. Open the SSL configuration file,
GMS/server/etc/jetty-ssl.xml, in a text editor.
7. Find the element and update all paths and passwords then Save your changes
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
Note: You can run Jetty's password utility to obfuscate your passwords. See
http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html.
8. Open the Jetty SSL module configuration file,
GMS/server/modules/<g class="gr_ gr_666 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="666" data-gr-id="666">ssl</g>.mod, in a text editor.
9. Comment out all properties settings after the line that says
etc/jetty-ssl.xml except for lines containing below then Save your changes.
<g class="gr_ gr_1213 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Style multiReplace" id="1213" data-gr-id="1213">10 .</g> You can now start Jetty the normal way (make sure that
jcert.jar,
jnet.jar and
jsse.jar are on your classpath)
------------------------------
Mohammed Adel
IST Networks - Saudi Arabia
------------------------------
Original Message:
Sent: 12-06-2018 09:54
From: Eystein Kylland
Subject: Enable GMS for https
Hello
We have a customer who wants to access the GMS for Chat through https and not http. I know we can set the http.ssl-trus-all parameter to true. And then we don't need a certificate.
But if we don't set this parameter do we need a certificate? And what kind of certificate do we need? If we supposed to generate a CSR file on the server is it specific paramater we need to add?
Eystein
#ArchitectureandDesign
#Implementation
#PlatformAdministration
#Security
------------------------------
Eystein Kylland
Sopra Steria AS Norway
------------------------------