In order to install an SSL certificate:
- Log into the server using RDP.
- Copy the pfx certificate into C:\RapPrereqs\Tomcat\conf -- let's assume it's called "mydomain.pfx". If you don't have a .pfx certificate but rather a .cer / .crt file, please see below how to convert a certificate to a .pfx file.
- Launch notepad as elevated (you can create a shortcut to notepad.exe + right-click + run as admin).
- Open C:\RapPrereqs\Tomcat\conf\server.xml configuration file, uncomment the line that looks as following, and add the following connector:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/mydomain.pfx"
keystorePass="..." keystoreType="PKCS12" /> */
- Once you have done that, restart Tomcat and connect to https://your_server to see if it works (you'll get a certificate alert, that's fine).
- You'll then need to access this server using a host name that's authorized by the certificate (something.mydomain.com). You can either do it by obtaining a domain name, but I think also by modifying c:\windows\system32\drivers\etc\hosts file (on the test computer, not the server itself), and add an alias something.mydomain.com
- Open firewall port 443.
- In Cameyo's server page, fill in 443 in the relevant fields:
There are different ways for converting a CER certificate to PFX format. Note this is typically done on the same machine where the CSR was generated:
- If the certificate comes in text format (---BEGIN CERTIFICATE---...) save it into a .CER file with a text editor (ignore the Intermediate certificate).
- On your Windows server, run "certmgr.msc". Install the .CER and export it to .PFX *with* the private key.
- Then, copy the .PFX to C:\RapPrereqs\Tomcat\conf