I heard Xima now supports SSL for Tomcat in Chronicall 3.10.1. How do we enable it?
We do as of Chronicall version 3.10.1, and there are two ways to do this.
Self Signed Cert
This is the easiest way but it will not display a green bar and comes with a warning page in your browser
- Create a keystore and self-signed certificate using the Java keytool:
- In an administrator/sudo command line navigate to \Chronicall\java\bin
- Type "keytool -keystore chronicallkeystore.jks -genkey -alias chronicall -keyalg RSA" and follow the prompts. Remember what you set as the keystore password.
- Update Chronicall settings
- Set “HTTPS Enabled” to true
- Set “Keystore Path” to the path of chronicallkeystore.jks (it should be located in same directory as keytool)
- Set the port to be used
- Set the Keystore Password to match the one used when creating the keystore
- Set allow Self-Signed to true
- Restart Chronicall Services - Open ie and navigate to https://[TheirIpHere]:[configuredPort]/
You should see a warning page that allows you to continue to navigate to chronicall. The warning page is present because the Cert did not come from a known Certificate Authority.
Requesting and Importing a Certificate from a known Certificate Authority
This costs time money and usually some additional configuration
- Create a keystore keytool -keysize 2048 -genkey -alias chronicall -keyalg RSA -keystore chronicallkeystore.jks Follow the prompts
- Create a CSR (Certificate Signing Request) keytool -certreq -keyalg RSA -alias chronicall -file chronicall.csr -keystore chronicallkeystore.jks Follow the prompts
- Send chronicall.csr (usually located in same directory as keytool) to your CA provider.
- Once your certificate is issued import the root certificate keytool -import -alias root -keystore chronicallkeystore.jks -trustcacerts -file [name of the root certificate]
- Import the intermediate certificate keytool -import -alias intermed -keystore chronicallkeystore.jks -trustcacerts -file [name of the intermediate certificate]
- Import the issued certificate keytool -import -alias tomcat -keystore chronicallkeystore.jks -trustcacerts -file [name of the certificate] Update the settings.xml file with the correct keystore location in the Tomcat directory.
- Update Chronicall settings Set “HTTPS Enabled” to true Set “Keystore Path” to the path of chronicallkeystore.jks (usually Java/jre/bin) Set “Keystore Password” to password