...
```bash
sudo cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
sudo chown root:syndeia-cloud /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
# Symbolic modes take no colon: "ug+rw" grants read/write to owner and group
sudo chmod ug+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
```
...
Note: you will probably also want to update your firewall settings, e.g. for firewalld, change the port to 9443 on line 5 of /etc/firewalld/services/syndeia.xml.
8. If you are setting up a port below 1000 for your HTTPS connection (such as 443), then add the following line to /etc/systemd/system/sc-web-gateway.service within its [Service] section:

```ini
AmbientCapabilities=CAP_NET_BIND_SERVICE
```
9. On the Syndeia Cloud server, restart the Syndeia Cloud web-gateway service, i.e.: sudo systemctl restart sc-web-gateway
If you've updated firewalld too, use: sudo firewall-cmd --reload && sudo systemctl restart sc-web-gateway
10. Update the web-gateway entry in the lagom.services section of /opt/icx/syndeia-cloud-current/devops-.../conf/application.conf to specify the external URL and HTTPS port (replace host.domain.tld with your FQDN):

```hocon
lagom.services {
  cas_native = "http://localhost:9042"
  [...]
  web-gateway = "https://host.domain.tld:9443"
  [...]
}
```
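The following script is an added example, not part of the Syndeia Cloud documentation or product: it runs read-only checks on the PFX permissions, the systemd capability line and the web-gateway entry set in the steps above. The function names are hypothetical, and it assumes GNU stat and that the port in the web-gateway URL is the port the service binds.

```bash
#!/usr/bin/env bash
# Added example: read-only checks for the HTTPS steps above (not vendor code).

# The PFX holds the private key: succeed only if "other" has no access to it.
pfx_mode_ok() {
  local mode
  mode=$(stat -c '%a' "$1") || return 2      # GNU stat prints e.g. 660
  case $mode in *0) return 0 ;; *) return 1 ;; esac
}

# Print the port of the web-gateway URL in application.conf (443 if omitted).
gateway_port() {
  local url hostport
  url=$(sed -n 's/^[[:space:]]*web-gateway[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
  [ -n "$url" ] || return 1
  hostport=${url#*://}; hostport=${hostport%%/*}
  case $hostport in *:*) echo "${hostport##*:}" ;; *) echo 443 ;; esac
}

# Succeed if the unit's [Service] section grants CAP_NET_BIND_SERVICE.
unit_can_bind_low() {
  awk '/^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
       in_service && /^[ \t]*AmbientCapabilities[ \t]*=.*CAP_NET_BIND_SERVICE/ { found = 1 }
       END { exit !found }' "$1"
}

# Args: PFX path, application.conf path, unit file path. Non-zero on any finding.
check_https_setup() {
  local rc=0 port
  pfx_mode_ok "$1" || { echo "FAIL: $1 is accessible to other users"; rc=1; }
  port=$(gateway_port "$2") || { echo "FAIL: no web-gateway entry in $2"; return 1; }
  # Assumption: the URL port is the port the service binds. Linux treats
  # ports below 1024 as privileged by default.
  if [ "$port" -lt 1024 ] && ! unit_can_bind_low "$3"; then
    echo "FAIL: port $port needs AmbientCapabilities=CAP_NET_BIND_SERVICE in $3"; rc=1
  fi
  return "$rc"
}

# Write constructed sample files (not from a real installation) into dir $1.
make_sample() {   # $2 = port, $3 = PFX mode
  : > "$1/sample.pfx"; chmod "$3" "$1/sample.pfx"
  printf 'lagom.services {\n  web-gateway = "https://host.domain.tld:%s"\n}\n' "$2" > "$1/application.conf"
  printf '[Unit]\nDescription=constructed sample\n[Service]\nUser=syndeia-cloud\n' > "$1/sc-web-gateway.service"
}

if [ "$#" -eq 3 ]; then check_https_setup "$@"; fi
```

Run it with the three real paths as arguments; `chmod ug+rw` only adds bits, so a PFX that was already world-readable before the copy step is reported here.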
...
Windows 2012-R2+
1. Obtain a full-chained cert, i.e.: root/signing CA + intermediate + issued cert (+ private key?). (Note: you may need to create a CSR via openssl or Java keytool or IIS and submit it to your CA / IT security admin.)
...
5. On the Syndeia Cloud server, launch Cygwin Terminal and copy the PFX (PKCS12) to the system's SSL cert directory and update ownership + permissions, where host.domain.tld = your server's FQDN, i.e.: syndeia-cloud.company.com:

```bash
cp host.domain.tld_CA-name_ca-chain_priv-key.pfx /etc/ssl/certs/.
# chown Administrator:syndeia-cloud; may want to set ACLs as appropriate on /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
# Symbolic modes take no colon: "ug+rw" grants read/write to owner and group
chmod ug+rw /etc/ssl/certs/host.domain.tld_CA-name_ca-chain_priv-key.pfx
```
6. On the Syndeia Cloud server, in the Cygwin Terminal, update the web-gateway service's conf/application.conf file to now include an HTTPS.conf file:
...
8. On the Syndeia Cloud server, restart the Syndeia Cloud Web-Gateway service (sc-web-gateway).
9. Update the web-gateway entry in the lagom.services section of C:\cygwin64\opt\icx\syndeia-cloud-current\devops-...\conf\application.conf to specify the external URL and HTTPS port (replace host.domain.tld with your FQDN):

```hocon
lagom.services {
  cas_native = "http://localhost:9042"
  [...]
  web-gateway = "https://host.domain.tld:9443"
  [...]
}
```
...