{Optional} Enabling HTTPS on a Linux Server
Use these instructions to enable HTTPS on a Linux server.
1. Open a command prompt and run the following to create a keystore file:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
 |
If you are prompted for a password, provide same password for all password fields. For example, changeit. Once the information is provided, a new .keystore file is generated in the /<user>/home directory.
|
2. Navigate to the <INSTALL_INTELLICUS_DIR>/Jakarta/conf directory and create a backup of the existing .keystore file. Replace the .keystore file with the new .keystore file in the <INSTALL_INTELLICUS_DIR>/Jakarta/conf directory.
3. Stop the Intellicus Web Server and the Report Server. [view instructions]
4. Navigate to the <INSTALL_INTELLICUS_DIR>/Jakarta/conf directory and edit the server.xml file.
5. Add the following tags to the server.xml file that relates to SSL:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="9094"
keystoreFile="/<INSTALL_INTELLICUS_DIR>/Jakarta/conf/.keystore"
keystorePass="<provide the password used in step#1>"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS" />
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="9094"
keystoreFile="/<INSTALL_INTELLICUS_DIR>/Jakarta/conf/.keystore"
keystorePass="<provide the password used in step#1>"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS" />
|
|
9094 is the Tomcat port that is used to access the Intellicus URL.
|
6. Start the Intellicus Web Server and the Report Server.
For Linux: [view instructions]
7. Open a browser and enter the following to access the Intellicus portal running under SSL:
https://<serverIP>:<port>/intellicus
For example, https://localhost:9094/intellicus
8. Open a command prompt and run the following command as administrator to export the certificate from the .keystore and import it to a new pem file:
<Path of JDK_HOME>/jre/bin/keytool -exportcert -rfc -alias tomcat
-file <Servigistics home path>/tomcat.pem
-keystore <INSTALL_INTELLICUS_DIR>/jakarta/conf/.keystore
-file <Servigistics home path>/tomcat.pem
-keystore <INSTALL_INTELLICUS_DIR>/jakarta/conf/.keystore
|
|
If you are prompted to enter a password for the keystore file, provide the password used in Step 1.This creates a tomcat.pem file with the certificate from the .keystore file.
|
9. Navigate to the %JAVA_HOME%\jre\lib\security\cacerts directory.
10. In a command prompt, run the following command as administrator to import the tomcat.pem file into the JRE trustStore:
<Path of JDK_HOME>/jre/bin/keytool -import -alias tomcat
-keystore <Path of JDK_HOME>/jre/lib/security/cacerts
-file <SERVIGISTICS_HOM>/tomcat.pem
-keystore <Path of JDK_HOME>/jre/lib/security/cacerts
-file <SERVIGISTICS_HOM>/tomcat.pem
|
|
If you are prompted to enter a password for the keystore file, provide the cacerts file password. For example, the default password is changeit. Then enter yes to confirm. This creates a tomcat.pem file with the certificate from the .keystore file.
|
11. Edit the WebUI.properties and update the following parameter settings:
javax.net.ssl.trustStore=<Path of JDK_HOME>/jre/lib/security/cacerts
javax.net.ssl.trustStorePassword=changeit
javax.net.ssl.keyStore=<INSTALL_INTELLICUS_DIR>/jakarta/conf/.keystore
javax.net.ssl.keyStorePassword=<Password from Step 1>
javax.net.ssl.trustStorePassword=changeit
javax.net.ssl.keyStore=<INSTALL_INTELLICUS_DIR>/jakarta/conf/.keystore
javax.net.ssl.keyStorePassword=<Password from Step 1>
12. Perform the {Optional} Updating the Distributed JDK with Amazon Corretto
JDK step.
13. Proceed with the PAI Foundation step.