Turning your Cameyo server into HTTPS

Steps for turning your HTTP server into HTTPS for self-hosted Cameyo servers.

If you are a fully-hosted cloud customer, you don't need to go through all this. Simply contact support and we'll help you.

To install an SSL certificate, follow these steps:

  • Log into the server using RDP.
  • Copy the pfx certificate into C:\RapPrereqs\Tomcat\conf -- let's assume it's called "mydomain.pfx". If you don't have a .pfx certificate but rather a .cer / .crt file, please see below how to convert a certificate to a .pfx file.
  • Launch notepad as elevated (you can create a shortcut to notepad.exe + right-click + run as admin).
  • Open C:\RapPrereqs\Tomcat\conf\server.xml configuration file, uncomment the line that looks as following, and add the following configuration line (replace keystorePass="..." with your certificate's password, or leave it empty if none):
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/mydomain.pfx" keystorePass="..." keystoreType="PKCS12" />
  • Restart Tomcat and connect to https://[server-ip] to see if it works (you'll get a certificate alert, that's fine).
  • You'll then need to access this server using the FQDN name specified by the certificate (something.mydomain.com). You can either do it by obtaining a domain name, but I think also by modifying c:\windows\system32\drivers\etc\hosts file (on the test computer, not the server itself), and add an alias something.mydomain.com
  • Open firewall port 443.
  • In Cameyo's server page, fill 443 in the external https field:
https
  • In "External host name", enter the server's universal name (i.e. "server.company.com"), instead of the existing name ("[IP]").
  • Click the "Save changes" button.

Converting certificate to .pfx

There are different ways for converting a CER certificate to PFX format. Note this is typically done on the same machine where the CSR was generated:

  • If the certificate comes in text format (---BEGIN CERTIFICATE---...) save it into a .CER file with a text editor (ignore the Intermediate certificate).
  • On your Windows server, run "certmgr.msc". Install the .CER and export it to .PFX with the private key.
  • Then, copy the .PFX to C:\RapPrereqs\Tomcat\conf