Web Server Configuration

Open an SSH connection to Kron PAM with the root account.
Open and edit lines 87-111 of the file /u01/netright-tomcat/conf/server.xml.
Remove the comment tags at the top and bottom. (This is already done.)
Change the keystoreFile, keystorepass and keyAlias parameters.  
 
 <!--
	<Connector port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" 
		keystoreFile="/u01/netright-tomcat/conf/cert/sctest.jks" keystorePass="pass123" 
		sslEnabledProtocols="TLSv1.1,TLSv1.2"
		server="SingleConnect Server"
		ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
			TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
			TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
			TLS_RSA_WITH_AES_128_CBC_SHA,
			TLS_RSA_WITH_AES_128_CBC_SHA256,
			TLS_RSA_WITH_AES_128_GCM_SHA256"
		clientAuth="false" sslProtocol="TLSv1.2" keyAlias="sctest"/>
 -->

 <!--
	<Connector port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" 
		keystoreFile="/u01/netright-tomcat/conf/cert/sctest.jks" keystorePass="pass123" 
		sslEnabledProtocols="TLSv1.1,TLSv1.2"
		server="SingleConnect Server"
		ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
			TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
			TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
			TLS_RSA_WITH_AES_128_CBC_SHA,
			TLS_RSA_WITH_AES_128_CBC_SHA256,
			TLS_RSA_WITH_AES_128_GCM_SHA256"
		clientAuth="false" sslProtocol="TLSv1.2" keyAlias="sctest"/>
 -->
﻿
Open and edit lines 4683-4694 of the file /u01/netright-tomcat/conf/web.xml. Remove the comment tags at the top and bottom.
HTML
<!--
<security-constraint>
	<web-resource-collection>
		<web-resource-name>Protected Context</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>

	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>
-->
<!--
<security-constraint>
	<web-resource-collection>
		<web-resource-name>Protected Context</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>

	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>
-->
﻿
Open and edit the file, /u01/netright-tomcat/netright/netright.properties. Change line 18 and add a new property to line 19, as shown below.
18 : netright.baseurl=http://127.0.0.1:80

change to:as

18 : netright.baseurl=https://127.0.0.1:443
19 : netright.cookie.secure=true
18 : netright.baseurl=http://127.0.0.1:80

change to:as

18 : netright.baseurl=https://127.0.0.1:443
19 : netright.cookie.secure=true

18 : netright.baseurl=http://127.0.0.1:80

change to:as

18 : netright.baseurl=https://127.0.0.1:443
19 : netright.cookie.secure=true
﻿
Restart the Web Portal service with the command:
systemctl restart netright-tomcat
Create a Java KeyStore (JKS) file
SSH Proxy Configuration