...

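```bash
# Copy the PFX (certificate chain + private key) into the system certificate directory
sudo cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
# Make root the owner and syndeia-cloud the group so the service account can read the file
sudo chown root:syndeia-cloud /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
# Grant read/write to owner and group
sudo chmod ug+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
```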

...

Note: you will probably also want to update your firewall settings, e.g. for firewalld: change the port to 9443 on line 5 of /etc/firewalld/services/syndeia.xml.

8. If you are setting up a port below 1000 for your HTTPS connection (such as 443), then add the following line to /etc/systemd/system/sc-web-gateway.service within its [Service] section:

Ambient Capabilities:

```ini
AmbientCapabilities=CAP_NET_BIND_SERVICE
```

9. On the Syndeia Cloud server, restart the Syndeia Cloud web-gateway service, i.e.: sudo systemctl restart sc-web-gateway

Note: if you've updated firewalld too, use: sudo firewall-cmd --reload && sudo systemctl restart sc-web-gateway

10. Update the web-gateway entry in the lagom.services section of /opt/icx/syndeia-cloud-current/devops-.../conf/application.conf to specify the external URL and HTTPS port (replace host.domain.tld with your FQDN):

application.conf:

```
lagom.services {
  cas_native = "http://localhost:9042"

  [...]
  web-gateway = "https://host.domain.tld:9443"
  [...]
}
```
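
The Linux steps above can be checked after the restart with a short script. This is an added example, not part of the original page or of Syndeia Cloud: the function names are hypothetical, and it assumes the quoted `web-gateway = "..."` form shown above and that the gateway binds the port that appears in that URL.

```bash
#!/usr/bin/env bash
# Added example: checks for the HTTPS steps above (function names are illustrative).

# Print the web-gateway URL from the lagom.services block of application.conf.
gateway_url() {
  sed -n 's/^[[:space:]]*web-gateway[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the port of an https URL, defaulting to 443 when none is given.
url_port() {
  local rest="${1#*://}"
  rest="${rest%%/*}"
  case $rest in
    *:*) echo "${rest##*:}" ;;
    *)   echo 443 ;;
  esac
}

# Succeed only if "other" has no permission bits on the PFX, which holds the private key.
pfx_private() {
  local perms
  perms=$(ls -ld -- "$1") || return 2
  [ "$(printf '%s' "$perms" | cut -c8-10)" = "---" ]
}

# check_https CONF UNIT PFX: print each finding, return the number of failures.
check_https() {
  local conf="$1" unit="$2" pfx="$3" url port fails=0
  url=$(gateway_url "$conf")
  case $url in
    https://*)
      port=$(url_port "$url")
      # Assumes the gateway binds the URL's port; Linux ports below 1024 are privileged.
      if [ "$port" -lt 1024 ] &&
         ! grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit"; then
        echo "FAIL: port $port needs AmbientCapabilities=CAP_NET_BIND_SERVICE in $unit"
        fails=$((fails + 1))
      fi ;;
    *) echo "FAIL: web-gateway is '$url', expected an https:// URL"
       fails=$((fails + 1)) ;;
  esac
  if ! pfx_private "$pfx"; then
    echo "FAIL: $pfx is accessible to users outside its owner and group"
    fails=$((fails + 1))
  fi
  return "$fails"
}

if [ "$#" -eq 3 ]; then check_https "$@"; fi
```

Run it with the paths to application.conf, the sc-web-gateway unit file and the PFX as its three arguments; the exit status is the number of failed checks.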

...

Windows 2012-R2+

1. Obtain a full-chained cert, i.e.: root/signing CA + intermediate + issued cert (+ private key?). (Note: you may need to create a CSR via openssl, Java keytool or IIS and submit it to your CA / IT security admin.)

...

5. On the Syndeia Cloud server, launch Cygwin Terminal and copy the PFX (PKCS12) to the system's SSL cert directory and update ownership + permissions, where host.domain.tld = your server's FQDN, e.g. syndeia-cloud.company.com:

```bash
# Copy the PFX (certificate chain + private key) into the SSL certificate directory
cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
# You may want to set ownership (e.g. chown Administrator:syndeia-cloud) or ACLs as appropriate on /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
# Grant read/write to owner and group
chmod ug+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
```

6.  On the Syndeia Cloud server, in the Cygwin Terminal, update the web-gateway service's conf/application.conf file to now include an HTTPS.conf file:

...

8. On the Syndeia Cloud server, restart the Syndeia Cloud Web-Gateway service (sc-web-gateway).  

9. Update the web-gateway entry in the lagom.services section of C:\cygwin64\opt\icx\syndeia-cloud-current\devops-...\conf\application.conf to specify the external URL and HTTPS port (replace host.domain.tld with your FQDN):

application.conf:

```
lagom.services {
  cas_native = "http://localhost:9042"

  [...]
  web-gateway = "https://host.domain.tld:9443"
  [...]
}
```

...