...
```shell
# Copy the PKCS#12 bundle (certificate chain + private key) into place
sudo cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
# Give ownership to root and the syndeia-cloud group, then grant both read/write
sudo chown root:syndeia-cloud /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
sudo chmod ug+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
# Insert an include of HTTPS.conf ahead of silhouette.conf (a .bak backup is kept)
sudo sed -i.bak 's#include "silhouette.conf"#include "HTTPS.conf"\ninclude "silhouette.conf"#' /opt/icx/syndeia-cloud-current/web-gateway-3.5-SP1/conf/application.conf
```
6. On the Syndeia Cloud server, update the web-gateway service's conf/application.conf file to now include an HTTPS.conf file:
...
```
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir
play.server.https.keyStore.path = C:\\\cygwin64\\\etc\\\ssl\\\certs\\\host.domain.tld_CA-name.jkspfx

# play.server.https.keyStore.type - The key store type, defaults to JKS
play.server.https.keyStore.type = pkcs12

# play.server.https.keyStore.password - The password, defaults to a blank password if omitted
play.server.https.keyStore.password = "keystorePW"

# TLS/SSL port to run on
play.server.https.port = 9443

# HTTP port to run on, or set to "disabled" if you want to force TLS/SSL
play.server.http.port = disabled

# Set the following additional security settings if running on production
jdk.tls.ephemeralDHKeySize=2048
jdk.tls.rejectClientInitiatedRenegotiation=true
```
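A post-change check for the HTTPS.conf settings above and the keystore copied into /etc/ssl/certs, as an added example that is not part of the original page or of Syndeia Cloud. The function names and finding texts are hypothetical, and it assumes the keystore path in the file is a POSIX path as in the Linux copy commands.

```shell
#!/bin/sh
# Added example: audit an HTTPS.conf against the settings this page applies.
# conf_get / check_https_conf are illustrative names, not product tooling.

# conf_get FILE KEY: print the last uncommented value assigned to KEY, unquoted.
conf_get() {
  awk -v k="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k) == 1 {
      rest = substr(line, length(k) + 1)
      if (rest ~ /^[ \t]*=/) {
        sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
        gsub(/^"|"$/, "", rest); v = rest
      }
    }
    END { print v }' "$1"
}

# check_https_conf FILE: print findings, set FINDINGS, return 0 only when clean.
check_https_conf() {
  conf=$1; FINDINGS=0
  flag() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }
  ks=$(conf_get "$conf" play.server.https.keyStore.path)
  kstype=$(conf_get "$conf" play.server.https.keyStore.type | tr 'A-Z' 'a-z')
  # HTTP must be disabled so clients cannot fall back to cleartext.
  [ "$(conf_get "$conf" play.server.http.port)" = disabled ] ||
    flag "play.server.http.port is not 'disabled'"
  # A .pfx/.p12 keystore needs the type set; the default is JKS.
  case $ks in
    *.pfx|*.p12) [ "$kstype" = pkcs12 ] || flag "keyStore.type is not pkcs12" ;;
  esac
  # An omitted password means a blank one.
  [ -n "$(conf_get "$conf" play.server.https.keyStore.password)" ] ||
    flag "keyStore.password is blank"
  # The keystore holds the private key: no read or write bits for 'other'.
  if [ ! -f "$ks" ]; then
    flag "keystore not found: $ks"
  elif [ -n "$(find "$ks" -prune \( -perm -004 -o -perm -002 \))" ]; then
    flag "keystore is accessible to other users: $ks"
  fi
  # Missing or non-numeric DH size counts as below the page's 2048.
  dh=$(conf_get "$conf" jdk.tls.ephemeralDHKeySize)
  [ "${dh:-0}" -ge 2048 ] 2>/dev/null || flag "ephemeralDHKeySize below 2048"
  [ "$FINDINGS" -eq 0 ]
}

# Usage: sh check_https.sh /path/to/HTTPS.conf
if [ "$#" -gt 0 ]; then check_https_conf "$1"; fi
```

`chmod ug+rw` only adds bits, so if the copy left the keystore world-readable the permission check reports it; `chmod o-rwx` on the keystore clears that finding.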
...