Enable HTTPS for Web Portal
By default, Kron PAM is configured to serve HTTP on port 80. Krontech recommends using HTTPS in any production environment. This section provides a detailed step-by-step guide for creating a certificate, a Java KeyStore (JKS) file, and configuring the web portal for HTTPS.

Do not forget to replace the company name with your company name in the commands given under the following topics.

Generating a Private Key and a CSR

This topic provides commands to create a private key and a certificate signing request (CSR). If you already have a valid certificate and key, you can skip this step.

Go to the certification directory with the command below:

    cd /u01/netright-tomcat/conf/cert/

Run the command below to create the key and CSR files:

    openssl req -newkey rsa:2048 -nodes -keyout <company_name.key> -out <company_name.csr>

Submit the CSR to your preferred signing authority to receive your certificate.

Alternatively, if you want to run with a self-signed certificate, run the following command to generate a self-signed certificate from your private key and CSR:

    openssl x509 -signkey <company_name.key> -in <company_name.csr> -req -days 365 -out <company_name.crt>

Creating a JKS File

You must create a JKS file to use the certificate with Apache Tomcat. This topic provides the steps to create a JKS file from an existing X.509 certificate.

Convert the X.509 certificate to the P12 format. You will be prompted to create an export password after the command. Define a password.

    openssl pkcs12 -export -in <company_name.crt> -inkey <company_name.key> -certfile <company_name.crt> -out <company_name_keystore.p12>

Now, using the new P12 file, run the following command to create the JKS file. You will be prompted to create a destination keystore password after the command. Define a password. The system will then ask for the source keystore password, which is the export password created in the previous step.

    /usr/java/jdk1.8.0_131/jre/bin/keytool -importkeystore -srckeystore <company_name_keystore.p12> -srcstoretype pkcs12 -destkeystore <company_name.jks> -deststoretype jks

By default, the JKS alias is set as 1. If you want to change the JKS alias or password, you can use the following commands:

    keytool -changealias -keystore <path/to/jks> -alias <current_alias>
    keytool -keypasswd -alias <alias> -keystore <path/to/jks>

Configuring Web Server

Open an SSH connection to Kron PAM with the root account.

Open and edit lines 87-111 of the following file: /u01/netright-tomcat/conf/server.xml
Remove the comment tags highlighted in red. Change the keystoreFile, keystorePass and keystore alias parameters highlighted in blue.

Open and edit lines 4683-4694 of the following file: /u01/netright-tomcat/conf/web.xml
Remove the comment tags highlighted in red.

Open and edit the following file: /u01/netright-tomcat/netright/netright.properties
Change line 18 as shown below. Append a new property to line 19 as shown below.

    18 netright.baseurl=http://127.0.0.1:80

Change as:

    18 netright.baseurl=https://127.0.0.1:443
    19 netright.cookie.secure=true

Restart the web portal service with the following command:

    systemctl restart netright-tomcat

Configuring SSH Proxy

Open and edit the following file: /u01/nssoapp/conf/nsso.properties
Change line 4 as shown below.

    4 netright.baseurl=http://127.0.0.1

Restart the SSH proxy service with the following command:

    systemctl restart nssoapp

Configuring RADIUS Server

Open and edit the following file: /etc/raddb/sc radiusd conf
Change line 1 as shown below.

    1 sc base url=http://127.0.0.1

Change as:

    1 sc base url=https://127.0.0.1:443

Restart the RADIUS service with the following command:

    systemctl restart radiusd
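
Before converting the certificate to P12 and JKS, it is worth confirming that the certificate belongs to the private key, is not close to expiry, and that the key file (written unencrypted because of -nodes) is readable only by its owner. The script below is an added example, not part of the Kron PAM documentation; the function names, the CN pam.example.test and the acme file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks on a key/certificate pair before the P12 and JKS steps.
# File names and the CN used below are constructed placeholders.

# check_pair KEY CERT [MIN_DAYS]
# returns 0 = ok, 1 = key/cert mismatch, 2 = unreadable input,
#         3 = expires within MIN_DAYS, 4 = key accessible to group/other
check_pair() {
    key=$1; crt=$2; min_days=${3:-30}
    # Fail early on unparsable input so an empty pipeline cannot yield a false match.
    openssl pkey -in "$key" -noout 2>/dev/null || { echo "cannot read key: $key"; return 2; }
    openssl x509 -in "$crt" -noout 2>/dev/null || { echo "cannot read certificate: $crt"; return 2; }
    # Compare digests of the DER-encoded public key taken from each file.
    k=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    [ "$k" = "$c" ] || { echo "certificate does not belong to this key"; return 1; }
    # -checkend exits non-zero if the certificate expires within the given seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days"; return 3; }
    # The key was written with -nodes, so only the owner should have any access.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "key file is accessible to group/other"; return 4; }
    echo "ok: key and certificate match"
}

# make_pair DIR NAME: the guide's two openssl commands, made non-interactive with -subj.
make_pair() {
    ( umask 077
      openssl req -newkey rsa:2048 -nodes -subj "/CN=pam.example.test" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
      openssl x509 -signkey "$1/$2.key" -in "$1/$2.csr" -req -days 365 \
          -out "$1/$2.crt" 2>/dev/null )
}

# Stand-alone demo on throwaway files: sh script.sh demo
demo() {
    d=$(mktemp -d) && make_pair "$d" acme && check_pair "$d/acme.key" "$d/acme.crt"
    rc=$?; rm -rf "$d"; return $rc
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run check_pair against the real key and the certificate returned by the signing authority; a return code of 1 means the P12 export would pair the wrong key with the certificate.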