Steps for turning your HTTP server into HTTPS for self-hosted Cameyo servers.
If you are a fully-hosted cloud customer, you don't need to go through all this. Simply contact support and we'll help you.
To install an SSL certificate, follow these steps:
- Log into the server using RDP.
- Copy the pfx certificate into C:\RapPrereqs\Tomcat\conf -- let's assume it's called "mydomain.pfx". If you don't have a .pfx certificate but rather a .cer / .crt file, please see below how to convert a certificate to a .pfx file.
- Launch notepad as elevated (you can create a shortcut to notepad.exe + right-click + run as admin).
- Open C:\RapPrereqs\Tomcat\conf\server.xml configuration file, uncomment the line that looks as following, and add the following configuration line (replace keystorePass="..." with your certificate's password, or leave it empty if none):
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/mydomain.pfx" keystorePass="..." keystoreType="PKCS12" />
- Restart Tomcat and connect to https://[server-ip] to see if it works (you'll get a certificate alert, that's fine).
- You'll then need to access this server using the FQDN name specified by the certificate (something.mydomain.com). You can either do it by obtaining a domain name, but I think also by modifying c:\windows\system32\drivers\etc\hosts file (on the test computer, not the server itself), and add an alias something.mydomain.com
- Open firewall port 443.
- In Cameyo's server page, fill 443 in the external https field:
- In "External host name", enter the server's universal name (i.e. "server.company.com"), instead of the existing name ("[IP]").
- Click the "Save changes" button.
Converting certificate to .pfx
There are different ways for converting a CER certificate to PFX format. Note this is typically done on the same machine where the CSR was generated:
- If the certificate comes in text format (---BEGIN CERTIFICATE---...) save it into a .CER file with a text editor (ignore the Intermediate certificate).
- On your Windows server, run "certmgr.msc". Install the .CER and export it to .PFX with the private key.
- Then, copy the .PFX to C:\RapPrereqs\Tomcat\conf