PureEngage On-Premises

Expand all | Collapse all

Enable GMS for https

  • 1.  Enable GMS for https

    NEW MEMBER
    Posted 3 days ago
    Hello
    We have a customer who wants to access the GMS for Chat through https and not http. I know we can set the http.ssl-trus-all parameter to true. And then we don't need a certificate.

    But if we don't set this parameter do we need a certificate? And what kind of certificate do we need? If we supposed to generate a CSR file on the server is it specific paramater we need to add?
    Eystein
    #ArchitectureandDesign
    #Implementation
    #PlatformAdministration
    #Security

    ------------------------------
    Eystein Kylland
    Sopra Steria AS Norway
    ------------------------------


  • 2.  RE: Enable GMS for https

    Posted 2 days ago
    Hi Eystein,

    The customer should provide .key and .crt files related to GMS server in which .crt is signed by any third party SSL verifier.

    After you obtain the .crt and .key file Please follow below steps

    1. Download openssl library
    2. Extract attached rar package to directory openssl
    3. Open Command Prompt with admin privileges
    4. Navigate to openssl>bin
    5. type below command
    openssl pkcs12 -export -name servercert -in <Certificate Name.crt> -inkey <Certificate Key.key> -out keystore.p12 -- It will ask for password, enter any password

    6. Open the SSL configuration file, GMS/server/etc/jetty-ssl.xml, in a text editor.
    7. Find the element and update all paths and passwords then Save your changes

     <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">

    Note: You can run Jetty's password utility to obfuscate your passwords. See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html.

    8. Open the Jetty SSL module configuration file, GMS/server/modules/ssl.mod, in a text editor.
    9. Comment out all properties settings after the line that says etc/jetty-ssl.xml except for lines containing below then Save your changes.
    • [files]
    • [ini-template]
    10 . You can now start Jetty the normal way (make sure that jcert.jarjnet.jar and jsse.jar are on your classpath)

    ------------------------------
    Mohammed Adel
    IST Networks - Saudi Arabia
    ------------------------------