A signed certificate in a pkcs12 keystore file is also needed. The keystore file is either provided by the Certificate Authority or it can be generated from the private key used to request the certificate and the signed-certificate file from the Certificate Authority (see Creating a PKCS12 keystore file).
- Copy the keystore file to the conf subfolder in the CLC Genomics Server installation directory.
- Next, the server.xml file in the conf subfolder in the CLC Genomics Server installation directory must be edited to enable SSL-connections. Add text like the following text to the server.xml file:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore.pkcs12" keystorePass="tomcat" keystoreType="PKCS12" />
Replace keystore.pkcs12 with the name of your keystore file, and replace tomcat with the password for your keystore. The above settings will make SSL available on port 8443. The standard (non-SSL) port would be 8877, or whichever port number you have configured it to.
Self-signed certificates can be generated if only connection encryption is needed. See
http://www.akadia.com/services/ssh_test_certificate.html for further details.