This is an old revision of the document!


Ahsay Backup SSL Notes

See also Other Ahsay pages in this wiki

Ahsay OBS comes with a 'dummy' SSL certificate that works.

Force the Web Interface to Use SSL

https://help.ahsay.com/display/2/articleDirect/index.aspx?aid=2291

vim /opt/obs/webapps/obs/WEB-INF/web.xml

Locate the [Enforce SSL] section near the bottom.

Remove the XML comment tags ("<!--" and "-->") around it and save.

vim /opt/obs/webapps/ROOT/WEB-INF/web.xml

Now add this just above the </web-app> closing tag:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic SSL Forwarding</web-resource-name>
        <url-pattern>*.html</url-pattern>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Restart OBS:

/etc/init.d/obsr stop

/etc/init.d/obsr start

Install a Commercial Wildcard Certificate

These are instructions on how to import an existing wildcard certificate.

  1. Download the keystore file from your backup server
    • /opt/obs/conf/keystore
  2. Download the free KeyStore Explorer and install on your computer
  3. Open the downloaded keystore file in KeyStore Explorer
  4. Delete the tomcat entry
    • The default password is changeit
  5. Import the commercial key pair
    1. Tools → Import Key Pair
    2. Choose OpenSSL, but it could be different for your cert
    3. De-select Encrypted Private Key
    4. Select your Private Key (probably a .key file)
    5. Select your Certificate (probably a .crt file)
    6. Click Import
  6. On the next screen, change the alias to tomcat and click OK
  7. Enter changeit (twice) as the password and click OK
  8. Save the keystore file
  9. Upload it back to the original location on your Ahsay backup server
  10. Restart your Ahsay backup server

Other Miscellaneous Notes

List keys in keystore:

/opt/obs/java/bin/keytool -list -keystore /opt/obs/conf/keystore

Use the default password for the following: changeit

Delete the existing cert:

/opt/obs/java/bin/keytool -delete -alias tomcat -keystore /opt/obs/conf/keystore

Generate an RSA key pair:

/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore

Choose 'same' for key password ( <enter> )

Certificate request for a commercial cert:

/opt/obs/java/bin/keytool -certreq -keyalg RSA -alias tomcat -file ssl.csr -keystore /opt/obs/conf/keystore

Import the intermediate certificate first, then the primary cert:

/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /root/SSL/intermediate.ca.crt -keystore /opt/obs/conf/keystore

/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /root/SSL/star.sonoracomm.com.crt -keystore /opt/obs/conf/keystore
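
A check to run after either import procedure above (KeyStore Explorer or keytool), added here as an example and not part of the original notes: it reads `keytool -list` output and confirms that the tomcat alias is a PrivateKeyEntry rather than a certificate-only trustedCertEntry, which is what keytool creates when a certificate is imported under an alias that does not hold a key pair. The helper name `check_alias` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. check_alias is a hypothetical
# helper that classifies one alias from `keytool -list` text on stdin.
# Exit status: 0 = PrivateKeyEntry (key pair + certificate),
#              1 = trustedCertEntry only (certificate without a private key),
#              2 = alias not in the keystore.
check_alias() {
    want="${1:-tomcat}"
    # Entry lines look like: alias, date, entryType,
    awk -F',' -v want="$want" '
        $1 == want && /PrivateKeyEntry/  { state = "key" }
        $1 == want && /trustedCertEntry/ { if (state == "") state = "cert" }
        END {
            if (state == "key")  exit 0
            if (state == "cert") exit 1
            exit 2
        }'
}

# Constructed sample listings; the fingerprints are placeholders.
good_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediate, Oct 7, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
tomcat, Oct 7, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}

# Same keystore after the certificate was imported under an alias whose
# key pair had been deleted: the entry holds no private key.
bad_listing() {
    good_listing | sed 's/^tomcat\(.*\)PrivateKeyEntry/tomcat\1trustedCertEntry/'
}

good_listing | check_alias tomcat && echo "ok: tomcat is a PrivateKeyEntry"
bad_listing  | check_alias tomcat || echo "problem: exit status $?"

# On the server (keytool prompts for the keystore password):
# /opt/obs/java/bin/keytool -list -keystore /opt/obs/conf/keystore | check_alias tomcat
```
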
computing/backup/ahsay_ssl.1380835977.txt.gz · Last modified: 2016/10/07 10:34 (external edit)