...
6. On the Syndeia Cloud server, update the web-gateway service's conf/application.conf
file with the following settings to enable TLS/SSL, where $SC_snapshot_version = snapshot version of SC web-gateway you are running & <keystorePW> = the keystore password created in the previous step, ie:
Code Block | ||||
---|---|---|---|---|
| ||||
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir play.server.https.keyStore.path = /opt/icx/syndeia-cloud-current/web-gateway-3.4$SC_snapshot_version/conf/keystore/host.domain.tld_CA-name.jks # play.server.https.keyStore.type - The key store type, defaults to JKS play.server.https.keyStore.type = jks # play.server.https.keyStore.password - The password, defaults to a blank password if omitted play.server.https.keyStore.password = "<keystorePW>" # TLS/SSL port to run on play.server.https.port = 9443 # HTTP port to run on, or set to "disabled" if you want to force TLS/SSL play.server.http.port = disabled # Set the following additional security settings if running on production jdk.tls.ephemeralDHKeySize=2048 jdk.tls.rejectClientInitiatedRenegotiation=true |
...
7. On Syndeia Cloud server, restart the Syndeia Cloud web-gateway service, ie: sudo systemctl restart syndeiasc-web-cloud gateway
If you've updated firewalld too, use: sudo firewall-cmd --reload && systemctl restart syndeiasc-web-cloudgateway
...
Windows 2012-R2
1. Obtain full-chained cert, ie: root/signing CA + intermediate + issued cert (+ private key?) ( Note, you may need to create a CSR via openssl
or Java keytool
or IIS and submit it to your CA / IT security admin).
...
6. On the Syndeia Cloud server, update the web-gateway service's conf\application.conf
file with the following settings to enable TLS/SSL, where where $SC_snapshot_version = snapshot version of SC web-gateway you are running & <keystorePW> = the keystore password created in the previous step, ie:
Code Block | ||||
---|---|---|---|---|
| ||||
# play.server.https.keyStore.path - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you in the conf dir play.server.https.keyStore.path = C:\Program Files\Intercax\syndeia-cloud-<release_ver>current\web-gateway-3.4$SC_snapshot_version\conf\keystore\host.domain.tld_CA-name.jks # play.server.https.keyStore.type - The key store type, defaults to JKS play.server.https.keyStore.type = jks # play.server.https.keyStore.password - The password, defaults to a blank password if omitted play.server.https.keyStore.password = "keystorePW" # TLS/SSL port to run on play.server.https.port = 9443 # HTTP port to run on, or set to "disabled" if you want to force TLS/SSL play.server.http.port = disabled # Set the following additional security settings if running on production jdk.tls.ephemeralDHKeySize=2048 jdk.tls.rejectClientInitiatedRenegotiation=true |
...
7. On the Syndeia Cloud server, restart the Syndeia Cloud Web-Gateway service (sc-web-gateway).