Versions Compared

Comment: Linux + Windows: step 7: fix service name holdover from SC 3.2

...

6. On the Syndeia Cloud server, update the web-gateway service's conf/application.conf file with the following settings to enable TLS/SSL, where $SC_snapshot_version = snapshot version of SC web-gateway you are running & <keystorePW> = the keystore password created in the previous step, ie:

Code Block
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir
play.server.https.keyStore.path = /opt/local/icx/syndeia-cloud-current/web-gateway-3.4$SC_snapshot_version/conf/keystore/host.domain.tld_CA-name.jks

# play.server.https.keyStore.type - The key store type, defaults to JKS
play.server.https.keyStore.type = jks

# play.server.https.keyStore.password - The password, defaults to a blank password if omitted
play.server.https.keyStore.password = "<keystorePW>"

# TLS/SSL port to run on
play.server.https.port = 9443
# HTTP port to run on, or set to "disabled" if you want to force TLS/SSL
play.server.http.port = disabled

# Set the following additional security settings if running on production
jdk.tls.ephemeralDHKeySize=2048
jdk.tls.rejectClientInitiatedRenegotiation=true
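
Review bot: the two `jdk.tls.*` lines at the end of this block are JVM system properties, not Play configuration keys, so as far as I can tell setting them in application.conf has no effect on the TLS stack. They need to reach the JVM as `-Djdk.tls.ephemeralDHKeySize=2048` and `-Djdk.tls.rejectClientInitiatedRenegotiation=true` on the service's java command line, and the step should say where that is configured for this service. Separately, `play.server.https.keyStore.password` keeps the keystore password in clear text, so the step should tell the reader to restrict read access on conf/application.conf to the service account. The path segment `web-gateway-3.4$SC_snapshot_version` also reads as a literal version followed by the placeholder; it should show one or the other.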

...

7. On Syndeia Cloud server, restart the Syndeia Cloud web-gateway service, ie: sudo systemctl restart syndeiasc-web-cloud gateway

(info)  If you've updated firewalld too, use: sudo firewall-cmd --reload && systemctl restart syndeiasc-web-cloudgateway
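
Review bot: the service name is not consistent across this change: step 7 shows `syndeiasc-web-cloud gateway` (with a space, which systemctl would treat as two unit names), the firewalld note shows `syndeiasc-web-cloudgateway`, and the Windows step 7 names the service `sc-web-gateway`. Since the change comment says this edit fixes the service name, both commands should carry the one correct unit name. In the firewalld note, `sudo` applies only to `firewall-cmd --reload`; the `systemctl restart` after `&&` runs without it and needs its own `sudo`.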

...

Windows 2012-R2

1. Obtain full-chained cert, ie: root/signing CA + intermediate + issued cert (+ private key?) ( (info) Note, you may need to create a CSR via openssl or Java keytool or IIS and submit it to your CA / IT security admin).  

...

6. On the Syndeia Cloud server, update the web-gateway service's conf\application.conf file with the following settings to enable TLS/SSL, where  where $SC_snapshot_version = snapshot version of SC web-gateway you are running & <keystorePW> = the keystore password created in the previous step, ie:

Code Block
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir
play.server.https.keyStore.path = C:\Program Files\Intercax\syndeia-cloud-<release_ver>current\web-gateway-1.0-SNAPSHOT$SC_snapshot_version\conf\keystore\host.domain.tld_CA-name.jks

# play.server.https.keyStore.type - The key store type, defaults to JKS
play.server.https.keyStore.type = jks

# play.server.https.keyStore.password - The password, defaults to a blank password if omitted
play.server.https.keyStore.password = "keystorePW"

# TLS/SSL port to run on
play.server.https.port = 9443
# HTTP port to run on, or set to "disabled" if you want to force TLS/SSL
play.server.http.port = disabled

# Set the following additional security settings if running on production
jdk.tls.ephemeralDHKeySize=2048
jdk.tls.rejectClientInitiatedRenegotiation=true
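
Review bot: the `play.server.https.keyStore.path` value is unquoted, and HOCON does not allow backslashes, `:` or `$` in an unquoted string, so `C:\Program Files\...` will not parse as written; wrap the value in double quotes with the backslashes doubled, or use forward slashes. The same path shows `syndeia-cloud-<release_ver>current` and `web-gateway-1.0-SNAPSHOT$SC_snapshot_version`, each reading as two alternatives run together, and the password line has `"keystorePW"` where the step text and the Linux block use the placeholder `<keystorePW>`, which invites a reader to leave the literal string in place.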

...

7. On the Syndeia Cloud server, restart the Syndeia Cloud Web-Gateway service (sc-web-gateway).