Using any text editor, you can find SSL configuration sections which you can enable or disable. In the GW18 version we use apache-tomcat combination to run WebAccess software. There are two ways how to secure WebAccess. By default a java/tomcat approach with the “.keystore” file located in the same directory is used. However, if you have corporate certificate and key file for web servers, you can disable java/tomcat security settings and start using web security part.
Find out a section like: <Certificate certificateKeystoreFile=”conf/.keystore” and comment out entire java/tomcat section. It shall look like example bellow:
<Connector port=”443″ protocol=”org.apache.coyote.http11.Http11NioProtocol”
maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true”>
Right below this tomcat/java secure section is a traditional web server section which you can enable and specify a key and the certificate files location, example bellow:
<Connector port=”443″ protocol=”org.apache.coyote.http11.Http11AprProtocol”
maxThreads=”150″ SSLEnabled=”true” >
<UpgradeProtocol className=”org.apache.coyote.http2.Http2Protocol” />
In this example a corporate private key and a certificate file were copied into the conf directory. Once this is done, save changes and restart Apache Tomcat 8.5 Tomcat 8 service.
If this step does not work for you (there are complains over certificates in catalina log file once you start tomcat-apache service ), then other way to re-use existing certificates would be to import them into the “.keystore” file and use again java/tomcat section secure section.
You can import official certificates into the “.keystore” file by:
keytool -import -keyalg RSA -keystore <path to .keystore file> -trustcacerts -file <path to official cert file>
After those steps, you can restart Apache Tomcat 8.5 Tomcat 8 service to start using java/tomcat approach.
If nothing of above helps to get existing certificates for web working with this tomcat-apache combo, you will need to generate new CSR file and get certificates signed for your Windows server by the CA Authority where you purchased certificates before. Use preferably the “keytool” java utility to generate new CSR file and send it to the CA Authority asking to get certificates for securing java/tomcat.
Following is the command to generate new keystore and CSR files:
keytool -certreq -keyalg RSA -alias tomcat -file <certreq>.csr -keystore <path to new .keystore file>