How to configure SSL with Runtime
Every environment is different and is subject to different OS versions/types. Local variables may be different and thus details in this guide may not align 100% with your specific environment. This guide is a general guide meant to be used for Windows environments. Be aware that configuration of SSL to connect to Runtime through HTTPS is a time consuming process that requires knowledge of command line tools, and as such should only be done if you are confident in your ability to implement this and troubleshoot any potential command line errors.
To start configuring SSL you will need to have a few files at the ready.
a certificate for the host where runtime is installed
a private key
a CA bundle file
command prompt or terminal access on the host where runtime is installed
If you are uncertain on where to procure these files, refer to your system administrator.
In order to configure SSL, follow these steps.
Place your certificate, private key & CA bundle file in the runtime/data/conf folder.
Install OpenSSL and add OpenSSL to PATH. Follow this guide for this step if you are uncertain on how to do so.
Open CMD.exe in administrator mode.
Change the active directory to your runtime/data/conf folder.
Use the following command: cd <your directory here> Example: cd C:\Users\yoeri\Documents\DATPROF\Runtimes\runtime-4.3\DATA\conf
Convert the private key and certificate to PKCS 12
Use the following command: openssl pkcs12 -export -in <your certificate name + extension here> -inkey <your private key name + extension here> -name <the name of the host where Runtime is installed> -out certificate.p12 Example: openssl pkcs12 -export -in certificate.crt -inkey certificate.key -name myserver -out certificate.p12
Now, the system will prompt you to input a password and confirm it. In command line you are unable to see the password as you type, and you will not see the cursor position move. This is by design. This can be any password, but for convenience sake, it’s easiest to input password and press enter.
Some new files will be generated now. certificate.p12 is the certificate we’ll be using & keystore.jks is the keystore we’ll use.
For the next step we have to use the runtime keytool program in commandline. This means we need to temporarily add it to our PATH. to do this, first go to the location where Runtime is installed and find the complete system path to runtime/jdk/bin. At the top of the windows file explorer, click on the directory to copy your current location.
Use the following command: set path=%path%;<your path as defined above> Example: set path=%path%;C:\Users\yoeri\Documents\DATPROF\Runtimes\runtime-4.2.1\jdk\bin
Now, we’ll import our certificate into our keystore so we can use it.
Use the following command: keytool -importkeystore -deststorepass kssecret -destkeystore keystore.jks -srckeystore certificate.p12 -srcstoretype PKCS12
You will be asked to input a source keystore password. We’ve defined this earlier in command line, when it asked us for our export password. Enter the password you’ve entered there. In our example this is password.
If you’ve done this step correctly you’ll be greeted by the following message:
Entry for alias <your host name here> successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Now, enter the following command:
Use the following command: keytool -import -alias bundle -trustcacerts -file <your CA bundle file name + extension> -keystore keystore.jks example: keytool -import -alias bundle -trustcacerts -file cabundle.crt -keystore keystore.jks
If this step succeeds, the configuration should be complete on the back end. All that we have to do now is edit the Runtime configuration files to refer to the keystore. Navigate to your Runtime installation folder, and find the data/conf folder. Here you should see runtime.properties. Open this in an editor of your choice. this can be notepad.
add and adjust the following text snippet:
Copy and paste the following snippet: # ---------------------------------------- # SSL PROPERTIES # ---------------------------------------- server.ssl.enabled=true server.ssl.key-store-type=PKCS12 server.ssl.key-store= <your keystore location here. Use "/" instead of "\". This should be in data\conf.> server.ssl.key-store-password=kssecret server.ssl.key-alias=<your host name here> Example: # ---------------------------------------- # SSL PROPERTIES # ---------------------------------------- server.ssl.enabled=true server.ssl.key-store-type=PKCS12 server.ssl.key-store=/home/datprof/runtime/data/conf/keystore.jks server.ssl.key-store-password=kssecret server.ssl.key-alias=myserver
After this is done, you should be able to navigate to https://<Your Runtime URL> !