Turning your Cameyo server into HTTPS

Steps for turning your HTTP server into HTTPS for self-hosted Cameyo servers.

If you are a fully-hosted cloud customer, you don't need to go through all this, and in fact probably already have HTTPS enabled. If you don't already have it enabled, simply contact support and we'll enable it for you right away.

If you are hosting your own server, then you have two options - use Cameyo's certificate, or use your own certificate. Most customers choose to just use the certificate provided by Cameyo - just contact support to get them to set it up for you.

To install your own SSL certificate, follow these steps:

  • Log into the server using RDP.
  • Copy the pfx certificate into C:\RapPrereqs\Tomcat\conf -- let's assume it's called "mydomain.pfx". If you don't have a .pfx certificate but rather a .cer / .crt file, please see below how to convert a certificate to a .pfx file.
  • Launch notepad as elevated (you can create a shortcut to notepad.exe + right-click + run as admin).
  • Open C:\RapPrereqs\Tomcat\conf\server.xml configuration file, uncomment the line that looks as following, and add the following configuration line (replace keystorePass="..." with your certificate's password, or leave it empty if none):
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/mydomain.pfx" keystorePass="..." keystoreType="PKCS12" />
  • Restart Tomcat and connect to https://[server-ip] to see if it works (you'll get a certificate alert, that's fine).
  • You'll then need to access this server using the FQDN name specified by the certificate (something.mydomain.com). You can either do it by obtaining a domain name, but I think also by modifying c:\windows\system32\drivers\etc\hosts file (on the test computer, not the server itself), and add an alias something.mydomain.com
  • Open firewall port 443.
  • In Cameyo's server page, fill 443 in the external https field:
https
  • In "External host name", enter the server's universal name (i.e. "server.company.com"), instead of the existing name ("[IP]").
  • Click the "Save changes" button.

Converting certificate to .pfx

There are different ways for converting a CER certificate to PFX format. Note this is typically done on the same machine where the CSR was generated:

  • If the certificate comes in text format (---BEGIN CERTIFICATE---...) save it into a .CER file with a text editor (ignore the Intermediate certificate).
  • On your Windows server, run "certmgr.msc". Install the .CER and export it to .PFX with the private key.
  • Then, copy the .PFX to C:\RapPrereqs\Tomcat\conf