- Shut down Cascade CMS
- Create a keystore (from https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html) by executing the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Once created, the .keystore file can typically be found in the home directory of the user who created it (e.g., /home/user).
- Edit the file tomcat/conf/server.xml
- Uncomment the area for SSL/TLS Connector configuration:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" />
- Add the keystoreFile and keystorePass attributes to the <Connector> element and specify the location of the keystore along with the password:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="/path/to/keystore"
keystorePass="somePassword" />
- Start Cascade CMS
The application should now be accessible through https://{host}:8443.
See this article for instructions on forcing connections to use SSL.
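Because the steps above put the keystore password in server.xml as plain text, a quick check of the finished configuration is to confirm that each SSL-enabled Connector names a keystore that exists and that neither file is readable by group or other. The script below is an added example, not part of Cascade CMS or Tomcat; the function names and finding messages are assumptions, and the keystore and server.xml it audits are constructed in a temporary directory.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

def loose(path):
    """True if group or other have any permission bits on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connectors are out of scope here
        port, ks = conn.get("port", "?"), conn.get("keystoreFile")
        if not ks:
            findings.append((port, "keystoreFile not set"))
        elif not os.path.isfile(ks):
            findings.append((port, "keystore file not found"))
        elif loose(ks):
            findings.append((port, "keystore readable by group/other"))
        if not conn.get("keystorePass"):
            findings.append((port, "keystorePass not set"))
        elif loose(server_xml):
            findings.append((port, "server.xml exposes keystorePass to group/other"))
    return findings

def demo(keystore_mode, xml_mode):
    """Build a constructed keystore and server.xml in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as d:
        ks = os.path.join(d, "keystore")
        xml_path = os.path.join(d, "server.xml")
        with open(ks, "wb") as f:
            f.write(b"constructed placeholder, not a real keystore")
        with open(xml_path, "w") as f:
            f.write('<Server><Service name="Catalina">'
                    '<Connector port="8080" protocol="HTTP/1.1" />'
                    '<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" '
                    'scheme="https" secure="true" sslProtocol="TLS" '
                    f'keystoreFile="{ks}" keystorePass="somePassword" />'
                    '</Service></Server>')
        os.chmod(ks, keystore_mode)
        os.chmod(xml_path, xml_mode)
        return audit_connectors(xml_path)

if __name__ == "__main__":
    print(demo(0o644, 0o644))  # both files too open
    print(demo(0o600, 0o600))  # owner-only
```

To audit a real installation, call audit_connectors() with the path to tomcat/conf/server.xml as the user that runs Tomcat.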