Versions Compared

Comment: Linux: step 5: delete redundant line, it's now in step 6; Windows: step 6: fix spacing; step 7: PFX not JKS anymore

...

Code Block (language: bash)
sudo cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
sudo chown root:syndeia-cloud /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
sudo chmod ug:+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
sudo sed -i.bak 's#include "silhouette.conf"#include "HTTPS.conf"\ninclude "silhouette.conf"#' /opt/icx/syndeia-cloud-current/web-gateway-3.5-SP1/conf/application.conf
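Review bot: In the chmod line, `ug:+rw` is not a valid symbolic mode (no colon is allowed between the who letters and the operator), so chmod rejects it and the file keeps whatever mode cp gave it. Because this PFX carries the private key and is copied into /etc/ssl/certs, set the mode explicitly so that others get no access, for example `sudo chmod u=rw,g=r,o= /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx`, assuming the service only needs to read the file through the syndeia-cloud group set by the chown line.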

6.  On the Syndeia Cloud server, update the web-gateway service's conf/application.conf file to now include an HTTPS.conf file:

...

Code Block (language: scala)
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir
play.server.https.keyStore.path = C:\\\cygwin64\\\etc\\\ssl\\\certs\\\host.domain.tld_CA-name.jkspfx

# play.server.https.keyStore.type - The key store type, defaults to JKS
play.server.https.keyStore.type = pkcs12

# play.server.https.keyStore.password - The password, defaults to a blank password if omitted
play.server.https.keyStore.password = "keystorePW"

# TLS/SSL port to run on
play.server.https.port = 9443
# HTTP port to run on, or set to "disabled" if you want to force TLS/SSL
play.server.http.port = disabled

# Set the following additional security settings if running on production
jdk.tls.ephemeralDHKeySize=2048
jdk.tls.rejectClientInitiatedRenegotiation=true
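Review bot: The last two lines, jdk.tls.ephemeralDHKeySize and jdk.tls.rejectClientInitiatedRenegotiation, are JVM system properties rather than Play configuration keys, so listing them in this conf file does not apply them; pass them to the JVM that runs web-gateway as `-Djdk.tls.ephemeralDHKeySize=2048 -Djdk.tls.rejectClientInitiatedRenegotiation=true` and reword the comment above them to say so. The keyStore.path value also needs a check: as shown it ends in `.jkspfx` and uses unquoted triple backslashes, while the type is now pkcs12, so it should end in `.pfx` and be written as a quoted string with doubled backslashes or with forward slashes. Since the keystore password sits in this file in clear text, the step should also tell the reader to restrict read access on the file to the service account.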

...