PM Suwandy (member cishpix)
He is a genius and can fix it for you.
You should negotiate a fee but not overly expensive.
Suwandy manages ALL on my servers and is very talented and trustworthy.
HTTPS / SSL AwareIm
-
- Posts: 2418
- Joined: Mon Jul 02, 2012 12:24 am
- Location: Ulaanbaatar, Mongolia
Re: HTTPS / SSL AwareIm
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Re: HTTPS / SSL AwareIm
I can attest to Suwandy's excellence and reasonableness.
v8.1 on Windows 10 / MySQL 5.6 (local), v8.1 on Windows Server 2016 / MySQL 5.6 (server)
Re: HTTPS / SSL AwareIm
Hello Gabbitas, let me to answer you
I should check your domain first to make sure the problem so would you like let me know your domain name?Gabbitas wrote:I'm using a windows server 2008 and I'm still on AwareIM v6. Im confident that port 443 is open as I am able to reach it from outside the server with a port testing tool.
Gabbitas wrote: 1) Does the extension of the keystore file matter?
2) Is the location of the keystore important and does it need to be in a certain place?
3) If I go to my AwareIM control panel and look at settings I currently run tomcat on port 80. Should I be changing this to port 443 or does it get left as port 80?
- I don't think so, you can give the extension as you want or remove it.
- Absolutely yes but you can locate it as you want as long as you have set it in server.xml
- Leave it port 80
Regards,
Suwandy
-----------------
Kisaran - Indonesia
Suwandy
-----------------
Kisaran - Indonesia
Re: HTTPS / SSL AwareIm
+1JonP wrote:I can attest to Suwandy's excellence and reasonableness.
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Re: HTTPS / SSL AwareIm
Thanks guys, I appreciate your input on this one.
After a whole day of research, fiddling and learning I managed to finally secure all of my servers with a wildcard certificate! The issues I was facing were due to an error in the server and intermediate certificates that were provided to me. After I had them re-issued I essentially just followed himanshu’s pdf guide and it worked a treat. Thanks to himanshu for taking the time to write up a guide.
I would encourage anyone to have a go at this. It seems very daunting at first but by doing a bit of research and watching a few videos on YouTube it’s not to difficult to understand in the end.
Thanks again to all contributors
After a whole day of research, fiddling and learning I managed to finally secure all of my servers with a wildcard certificate! The issues I was facing were due to an error in the server and intermediate certificates that were provided to me. After I had them re-issued I essentially just followed himanshu’s pdf guide and it worked a treat. Thanks to himanshu for taking the time to write up a guide.
I would encourage anyone to have a go at this. It seems very daunting at first but by doing a bit of research and watching a few videos on YouTube it’s not to difficult to understand in the end.
Thanks again to all contributors
Re: HTTPS / SSL AwareIm
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
a great read. won't take that long. will confirm many of the things in this post.
the "alias" is important, and I didn't realize it from just copy/pasting Himanshu's instructions. I got back 4 certs - he had 2. There is a specific order to install them, so I had a little difficulty. And I don't think Mark or Himanshu mentioned this little goody found in this doc:
If you change the port number here [in the server.xlm <connector> entry], you should also change the value specified for the redirectPort attribute on the non-SSL connector [from 8443 to 443]. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.
a great read. won't take that long. will confirm many of the things in this post.
the "alias" is important, and I didn't realize it from just copy/pasting Himanshu's instructions. I got back 4 certs - he had 2. There is a specific order to install them, so I had a little difficulty. And I don't think Mark or Himanshu mentioned this little goody found in this doc:
If you change the port number here [in the server.xlm <connector> entry], you should also change the value specified for the redirectPort attribute on the non-SSL connector [from 8443 to 443]. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.
Jaymer
Aware Programming & Consulting - Tampa FL
Jaymer
Aware Programming & Consulting - Tampa FL
Re: HTTPS / SSL AwareIm
Hi,
I/m struggling (for several days now) with installing SSL on a Windows-server 2012.
I read and re-read several times :
http://softservsolutions.com/AwareIM/SS ... IM_SSL.pdf
I ordered a certificate and received 3 crt-files, placed them in the folder of the keystore : AwareIM\JDK\bin\
I imported these crt-files using "keytool" and also edited server.xml
Restarting AwareIM didn't gave the result I expected.
Can anybody help me ? Maybe I just forgot a small thing...
regards
Jannes
I/m struggling (for several days now) with installing SSL on a Windows-server 2012.
I read and re-read several times :
http://softservsolutions.com/AwareIM/SS ... IM_SSL.pdf
I ordered a certificate and received 3 crt-files, placed them in the folder of the keystore : AwareIM\JDK\bin\
I imported these crt-files using "keytool" and also edited server.xml
Restarting AwareIM didn't gave the result I expected.
Can anybody help me ? Maybe I just forgot a small thing...
regards
Jannes
Re: HTTPS / SSL AwareIm
I have also struggled with this starting somewhere after v8 and it seems like it doesn't work like it used to, my notes for doing the process which has worked for years doesn't work any longer and my notes hasn't changed so maybe something in Aware or the certificates and process in general? I went another way and now using a reverse proxy instead so is a tip for you and/but, an updated step by step guide from someone who done this in recent versions would be nice.
Henrik (V8 Developer Ed. - Windows)
Re: HTTPS / SSL AwareIm
Hi Henrick,
I was using LetsEncrypt from last couple of years, and the one document which was shared is helpful in case if you use another paid way.
@Jannes - pls connect on PM to understand your issue will try to help or will refer to someone.
I was using LetsEncrypt from last couple of years, and the one document which was shared is helpful in case if you use another paid way.
@Jannes - pls connect on PM to understand your issue will try to help or will refer to someone.
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Re: HTTPS / SSL AwareIm
Hi Jannes, we usually split the certificate into 3 files with NIO protocol and do not use keytool again begin from Tomcat 8
Regards,
Suwandy
-----------------
Kisaran - Indonesia
Suwandy
-----------------
Kisaran - Indonesia
Re: HTTPS / SSL AwareIm
Thanks and/so you have had Tomcat set up with Letsencrypt? That is the holy grail as far as I'm concerned. It's free and autorenew (set and forget). I use it with IIS today for websites and also for Aware via a reverse proxy but it isn't as good as having it set directly for Tomcat. Is it the Tomcat document you refer to as helpful or the softserv one (link doesn't work).
Henrik (V8 Developer Ed. - Windows)
Re: HTTPS / SSL AwareIm
A bit more details about this and how to set it up would be nice?
Henrik (V8 Developer Ed. - Windows)
Re: HTTPS / SSL AwareIm
here's 1 way to do it with the 3 files.
build 8.5
file: server.xml
--> JaymerTip SSL Port 443 Tomcat Config Server.XML
build 8.5
file: server.xml
Code: Select all
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384">
<Certificate certificateFile="C:\AwareIM\Tomcat\conf\certificate.cer"
certificateChainFile="C:\AwareIM\Tomcat\conf\bundle.crt"
certificateKeyFile="C:\AwareIM\Tomcat\conf\certificate.key"
type="RSA"/>
</SSLHostConfig>
</Connector>
--> JaymerTip SSL Port 443 Tomcat Config Server.XML
- Attachments
-
- Screen Shot 2021-02-14 at 4.58.53 PM.png (81.36 KiB) Viewed 19234 times
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.
Jaymer
Aware Programming & Consulting - Tampa FL
Jaymer
Aware Programming & Consulting - Tampa FL
Re: HTTPS / SSL AwareIm
Is it really that simple, have you successfully implemented/tested this doing only these 2 things?Jaymer wrote: ↑Sun Feb 14, 2021 10:00 pm here's 1 way to do it with the 3 files.
build 8.5
file: server.xml
Code: Select all
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384"> <Certificate certificateFile="C:\AwareIM\Tomcat\conf\certificate.cer" certificateChainFile="C:\AwareIM\Tomcat\conf\bundle.crt" certificateKeyFile="C:\AwareIM\Tomcat\conf\certificate.key" type="RSA"/> </SSLHostConfig> </Connector>
--> JaymerTip SSL Port 443 Tomcat Config Server.XML
Henrik (V8 Developer Ed. - Windows)
Re: HTTPS / SSL AwareIm
Yes, it's really simple, I have implemented it (exactly like Jaymer share the tomcat configuration in server.xml file) to some AwareIM servers that running in Windows, Linux and Macintosh too. If you need my hand, you can PM me directly
Thank you Jaymer that help me to answer Henrik question, I appreciate you
Regards,
Suwandy
-----------------
Kisaran - Indonesia
Suwandy
-----------------
Kisaran - Indonesia