
Ahsay Backup SSL Notes

See also Other Ahsay pages in this wiki

Ahsay OBS comes with a 'dummy' SSL certificate that works.

Force the Web Interface to Use SSL

https://help.ahsay.com/display/2/articleDirect/index.aspx?aid=2291

vim /opt/obs/webapps/obs/WEB-INF/web.xml

Locate the [Enforce SSL] section near the bottom.

Remove the XML comment tags ("<!--" and "-->") and save.

vim /opt/obs/webapps/ROOT/WEB-INF/web.xml

Now add this just above the </web-app> closing tag:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic SSL Forwarding</web-resource-name>
        <url-pattern>*.html</url-pattern>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Restart OBS:

/etc/init.d/obsr stop

/etc/init.d/obsr start

Install Commercial SSL Certificate

List keys in keystore:

/opt/obs/java/bin/keytool -list -keystore /opt/obs/conf/keystore

:!: The following commands prompt for the keystore password; the default is changeit

Delete the existing cert:

/opt/obs/java/bin/keytool -delete -alias tomcat -keystore /opt/obs/conf/keystore

Generate an RSA key pair:

/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore

Press <enter> for the (default) keystore password (changeit)

Generate a certificate signing request (CSR) for a commercial cert:

/opt/obs/java/bin/keytool -certreq -keyalg RSA -alias tomcat -file ssl.csr -keystore /opt/obs/conf/keystore

Import the intermediate certificate(s) first, then the primary cert:

:!: Comodo PositiveSSL Domain Validated intermediate certs shown.

:!: You don't need to import a cert if it already exists.

/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /path/to/SectigoRSADomainValidationSecureServerCA.crt -keystore /opt/obs/conf/keystore

/opt/obs/java/bin/keytool -import -alias intermediate1 -trustcacerts -file /path/to/AAACertificateServices.crt -keystore /opt/obs/conf/keystore

/opt/obs/java/bin/keytool -import -alias intermediate2 -trustcacerts -file /path/to/USERTrustRSAAAACA.crt -keystore /opt/obs/conf/keystore

/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /path/to/hostname.yourdomain.com.crt -keystore /opt/obs/conf/keystore

Restart OBSR:

service obsr stop && service obsr start

Make sure SSL port 443 is listening:

netstat -tapn

Install a Commercial Wildcard Certificate

FIXME Unverified

These are instructions on how to import an existing wildcard certificate.

  1. Download the keystore file from your backup server
    • /opt/obs/conf/keystore
  2. Download the free KeyStore Explorer and install on your computer
  3. Open the downloaded keystore file in KeyStore Explorer
  4. Delete the tomcat entry
    • The default password is changeit
  5. Import the commercial key pair
    1. Tools → Import Key Pair
    2. Choose OpenSSL, but it could be different for your cert
    3. De-select Encrypted Private Key
    4. Select your Private Key (probably a .key file)
    5. Select your Certificate (probably a .crt file)
    6. Click Import
  6. On the next screen, change the alias to tomcat and click OK
  7. Enter changeit (twice) as the password and click OK
  8. Save the keystore file
  9. Upload it back to the original location on your Ahsay backup server
  10. Restart your Ahsay backup server
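
A check for the result of either import procedure above (the keytool sequence or the KeyStore Explorer steps), added here as an example and not part of the original notes or of Ahsay's tooling. It reads `keytool -list -v` output and confirms the tomcat alias is a key pair holding a CA-issued certificate with at least one intermediate; the function names and sample text are constructed for illustration.

```shell
# Added example, not Ahsay tooling. On the server, feed it real output:
#   /opt/obs/java/bin/keytool -list -v -keystore /opt/obs/conf/keystore | check_tomcat_entry
check_tomcat_entry() {   # reads keytool -list -v text on stdin; returns 0 only if OK
    awk '
        /^Alias name: /               { in_entry = ($3 == "tomcat"); leaf = 0; next }
        !in_entry                     { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { chain = $4 + 0 }
        /^Certificate\[1\]:/          { leaf = 1; next }
        /^Certificate\[[0-9]+\]:/     { leaf = 0 }
        leaf && /^Owner: /            { owner = substr($0, 8) }
        leaf && /^Issuer: /           { issuer = substr($0, 9) }
        END {
            if (type == "")                { print "FAIL: no tomcat alias"; exit 1 }
            if (type != "PrivateKeyEntry") { print "FAIL: tomcat is " type ", not a key pair"; exit 1 }
            if (owner == issuer)           { print "FAIL: tomcat certificate is self-signed"; exit 1 }
            if (chain < 2)                 { print "FAIL: no intermediate in the tomcat chain"; exit 1 }
            print "OK: tomcat key pair with " chain "-certificate chain"
        }'
}

# Constructed sample: keystore after the CA reply was imported under alias tomcat.
sample_ca_signed() { cat <<'EOF'
Alias name: intermediate
Entry type: trustedCertEntry
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=hostname.yourdomain.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
EOF
}
# Constructed sample: freshly generated key pair, CA reply not yet imported.
sample_self_signed() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=dummy.example
Issuer: CN=dummy.example
EOF
}
sample_ca_signed   | check_tomcat_entry
sample_self_signed | check_tomcat_entry || true
```

A "not a key pair" result means the signed certificate was imported under an alias that holds no private key, so the server has nothing to present it with.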
computing/backup/ahsay_ssl.txt · Last modified: 2024/01/04 12:31 by gcooper