
If you need to run Kiuwan On Premise over HTTPS, follow these steps.

 

Step 6.1 Create your KOP SSL configuration file

SSL is currently configured by creating a configuration file (ssl.custom) in the ssl directory.

...

| Property Name | Default value | Meaning |
|---|---|---|
| Commons | | |
| SSL_O | | Your Organization |
| SSL_LOCALITY | | Your Locality |
| SSL_STATE | | Your State |
| SSL_COUNTRY | | Your Country |
| SSL_OU | | Your Organization Unit |
| Keystore | | |
| SSL_KS_PWD | | Password for Keystore that will be created |
| Aliases | | |
| SSL_ALIAS | wildfly | Alias of the Certificate to be created. |
| HTTPS_PORT | 443 | HTTPS port |

 

Step 6.2 Create the Private key and Certificate Signing Request (CSR) for your server

  1. In the ssl directory, execute the script CreateKey_and_ReqCSR.sh
  2. This script generates the CSR file under ssl/certs
    • the file is named <yourhost.yourdomain.com>.csr, according to the $KIUWAN_HOST configuration property
  3. Send the CSR file to your CA (Certificate Authority)
  4. The CA will send you back two files:
    • the CA's certificate file (IMPORTANT: rename it to ca.crt)
    • your host's certificate file, for example yourhost.yourdomain.com.crt
  5. Copy the received files to the ssl/certs directory
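
A pre-flight check for the files copied in step 5, as an added example that is not part of the Kiuwan scripts. It assumes the openssl CLI is installed, that the files are PEM-encoded and named as described above, and that ca.crt is a root (not an intermediate) certificate; the function name check_ca_reply is made up for this example.

```shell
#!/bin/sh
# Added example (not a Kiuwan script): sanity-check the CA's reply before
# the files are transferred to the KOP container.
# Assumptions: openssl on PATH, PEM files, names as in Step 6.2.

# check_ca_reply <certs_dir> <host>
# Exit status: 0 ok, 2 file missing, 3 unreadable file,
#              4 certificate key differs from CSR key, 5 not issued by ca.crt
check_ca_reply() (
    dir=$1 host=$2
    ca="$dir/ca.crt" crt="$dir/$host.crt" csr="$dir/$host.csr"

    for f in "$ca" "$crt" "$csr"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 2; }
    done

    # The certificate must carry the public key of the CSR generated in
    # Step 6.2; otherwise it will not pair with the private key that goes
    # into the keystore.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read CSR: $csr" >&2; exit 3; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate (PEM expected): $crt" >&2; exit 3; }
    [ "$csr_pub" = "$crt_pub" ] ||
        { echo "public key in $crt differs from $csr" >&2; exit 4; }

    # The host certificate must verify against the file saved as ca.crt.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "$crt does not verify against $ca" >&2; exit 5; }

    echo "OK: $crt matches $csr and is issued by $ca"
)

# Usage from the ssl directory: sh check.sh yourhost.yourdomain.com [certs_dir]
if [ "$#" -ge 1 ]; then
    check_ca_reply "${2:-certs}" "$1"
fi
```

A non-zero status here means the keystore built in Step 6.3 would contain a certificate that either does not pair with your private key or is not issued by the CA saved as ca.crt.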

Step 6.3 Create the Keystore and switch from HTTP to HTTPS

  1. In the ssl directory, execute the script TransferFilesToContainer.sh
    • this script transfers your server's certificate, your private key and the CA's certificate to the KOP container
    • it also transfers the script templates that will be used to create the keystore and to change the configuration from HTTP to HTTPS
  2. In the ssl directory, execute the script run_create_Keystore.sh
    • this script executes (inside the container) the script create_Keystore.sh (created from the template create_Keystore.tpl)
  3. In the ssl directory, execute the script run_change_ToHTTPS.sh
    • this script stops the wildfly service and executes the script change_ToHTTPS.sh (created from the template change_ToHTTPS.tpl), which creates files with a .rollback extension for the files it modifies
    • then it starts the wildfly service

Step 6.4 If you are using your own CA, make it valid for your browsers and Java

If the certificate is signed by your own Certification Authority, browsers will not recognize it as a valid CA and you will get error messages such as:

...