Comment: Edited section 5 contents to describe two different approaches to configuring SSL parameters.

...

3. Scroll down to the section with parameters responsible for secure connection: <SSL>...</SSL>.

SSL configuration example for Windows:

        <!-- Secure connection -->
        <SSL>
            <EnableSSL>true</EnableSSL>
            <!-- Transport Layer Security (TLS) version. Possible values: TLSV1, TLSV1_1, TLSV1_2. -->
            <TLSVersion>TLSV1_2</TLSVersion>
            <!-- The source of an SSL certificate. Possible values: FILE, STORE. The default value is STORE. -->
            <SSLCertificateSource>STORE</SSLCertificateSource>
            <SSLCertificateStoreSettings>
                <!-- The Common Name represents the server name protected by the SSL certificate (the fully qualified HostName). -->
                <SSLCertificateCommonName></SSLCertificateCommonName>
                <!-- If specified, Windows machine certificate store is used. Otherwise, the user's certificate store is used.
                The default value is true. -->
                <SSLCertificateUseMachineStore>true</SSLCertificateUseMachineStore>
                <!-- Possible values: MY (Personal), ROOT (Trusted Root Certification Authorities), TRUST (Enterprise Trust),
                CA (Intermediate Certification Authorities), USERDS (Active Directory User Object). The default value is MY. -->
                <SSLCertificateStore>MY</SSLCertificateStore>
            </SSLCertificateStoreSettings>
            <SSLCertificateFileSettings>
                <!-- Path to PKCS #12 (*.pfx) file containing the certificate and corresponding private key.
                Path example: C:/Program Files/WebSpellChecker/AppServer/certificate.pfx -->
                <SSLCertificateFile></SSLCertificateFile>
                <SSLCertificatePassword></SSLCertificatePassword>
            </SSLCertificateFileSettings>
        </SSL>

SSL configuration example for Linux:

        <!-- Secure connection -->
        <SSL>
            <EnableSSL>true</EnableSSL>
            <!-- Transport Layer Security (TLS) version. Possible values: TLSV1, TLSV1_1, TLSV1_2. -->
            <TLSVersion>TLSV1_2</TLSVersion>
            <!-- Path to certificate file (PEM format). Path example: /opt/WSC/AppServer/cert.pem -->
            <SSLCertificateFile></SSLCertificateFile>
            <!-- Path to private key file (PEM format). Path example: /opt/WSC/AppServer/key.pem -->
            <SSLCertificateKeyFile></SSLCertificateKeyFile>
            <SSLCertificatePassword></SSLCertificatePassword>
            <!-- Contains the path to the file or directory containing the CA/root certificates. The default value is empty. -->
            <SSLCertificateAuthorityLocation></SSLCertificateAuthorityLocation>
            <!-- Specifies whether the built-in CA certificates from OpenSSL are used. The default value is false. -->
            <SSLCertificateLoadDefaultCA>false</SSLCertificateLoadDefaultCA>
        </SSL>

...

  • for Windows, you can use either a .pfx file or export an SSL certificate from Windows Certificate Store.
  • for Linux, you need to specify the paths to a certificate file and a private key file in *.pem format.

5.1. Configuring SSL connection on Windows.

As already mentioned, there are two options for configuring an SSL connection: using FILE or exporting from STORE. These options are defined in the SSLCertificateSource parameter. Depending on your preferences, select one of the options. The default value is STORE.

If you have chosen to specify the path to your certificate file (*.pfx or *.pem) in the SSLCertificateFile parameter, modify the following SSL connection-related parameter:

<!-- For Linux: path to certificate file (PEM format). Path example: /opt/WSC/AppServer/cert.pem -->
<!-- For Windows: path to PKCS #12 (*.pfx) file containing the certificate and corresponding private key.
Path example: C:/Program -->
<!-- The source of an SSL certificate. Possible values: FILE, STORE. The default value is STORE. -->
<SSLCertificateSource>STORE</SSLCertificateSource>

Let’s review these two options and the steps required to configure them.

Option A. Configuring SSL connection using FILE.

1. Change SSLCertificateSource value from STORE to FILE:

<SSLCertificateSource>FILE</SSLCertificateSource>

2. Specify the path to the *.pfx file containing the certificate and corresponding private key, for example, C:/Program Files/WebSpellChecker/AppServer/certificate.pfx

...

in the tag below:

<SSLCertificateFile></SSLCertificateFile>

3. If your SSL certificate is password-protected, type the certificate password in the SSLCertificatePassword tag.

5.2. Use these auxiliary steps to configure SSL connection for AppServer on Windows for password-protected SSL certificates with .pfx file to load the certificate from the store:

Step 1. Change the SSLCertificateSource value from FILE to STORE.

<SSLCertificateSource>STORE</SSLCertificateSource>

Step 2. Provide the following values in the <SSLCertificateStoreSettings>...</SSLCertificateStoreSettings> parameters group:

<SSLCertificatePassword>your_certificate_password</SSLCertificatePassword>

Option B. Configuring SSL connection by exporting SSL certificate from Windows Certificate Store.

Specify the SSLCertificateStoreSettings parameters, the group of parameters required to use an SSL certificate from STORE, namely:

  • SSLCertificateCommonName: the server name protected by the SSL certificate (the fully qualified HostName). Provide a string value, for example, cloud.kp.org.
  • SSLCertificateUseMachineStore: an option specifying whether the machine certificate store is used.
  • SSLCertificateStore: select the SSLCertificateStore option.

5.2. Configuring SSL connection on Linux.

Unlike Windows, on Linux-based environments there is only one option available for SSL connection configuration, namely, FILE.

To configure SSL connection on Linux:

1. Specify the path to the certificate file in *.pem format, for example, /opt/WSC/AppServer/cert.pem, in the SSLCertificateFile tag below:

<SSLCertificateFile></SSLCertificateFile>

2. Specify the path to the private key file in *.pem format, for example, /opt/WSC/AppServer/key.pem, in the tag below:

<SSLCertificateKeyFile></SSLCertificateKeyFile>

3. If your SSL certificate is password-protected, type the certificate password in the SSLCertificatePassword tag.

<SSLCertificatePassword>your_certificate_password</SSLCertificatePassword>
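The Windows (FILE or STORE) and Linux procedures above each leave a different set of tags that must be filled in, so an <SSL> block can be checked for consistency before it is deployed. The following Python sketch is an added example, not WebSpellChecker code: the function names, the platform argument and the sample configuration are assumptions made for illustration, and the TLS 1.0/1.1 warning reflects RFC 8996 rather than anything stated on this page.

```python
import xml.etree.ElementTree as ET

# Added example: helper names are hypothetical and the sample is constructed.
# It uses the Windows layout from this page with FILE selected, a deprecated
# TLS version and no certificate path.
SAMPLE_WINDOWS = """
<SSL>
  <EnableSSL>true</EnableSSL>
  <TLSVersion>TLSV1</TLSVersion>
  <SSLCertificateSource>FILE</SSLCertificateSource>
  <SSLCertificateStoreSettings>
    <SSLCertificateCommonName></SSLCertificateCommonName>
    <SSLCertificateUseMachineStore>true</SSLCertificateUseMachineStore>
    <SSLCertificateStore>MY</SSLCertificateStore>
  </SSLCertificateStoreSettings>
  <SSLCertificateFileSettings>
    <SSLCertificateFile></SSLCertificateFile>
    <SSLCertificatePassword>example-only</SSLCertificatePassword>
  </SSLCertificateFileSettings>
</SSL>
"""

def text(root, tag):
    """Return the stripped text of the first <tag> under root, or ''."""
    node = root.find(f".//{tag}")
    return (node.text or "").strip() if node is not None else ""

def audit_ssl(xml_text, platform):
    """Return findings for an <SSL> block; platform is 'windows' or 'linux'."""
    root = ET.fromstring(xml_text)
    findings = []
    if text(root, "EnableSSL").lower() != "true":
        return ["EnableSSL is not true: the connection is not encrypted"]
    if text(root, "TLSVersion") in ("TLSV1", "TLSV1_1"):
        findings.append("TLSVersion is TLS 1.0/1.1 (deprecated by RFC 8996); use TLSV1_2")
    source = text(root, "SSLCertificateSource") or "STORE"  # documented default
    if platform == "windows" and source == "STORE":
        if not text(root, "SSLCertificateCommonName"):
            findings.append("STORE selected but SSLCertificateCommonName is empty")
    else:  # FILE on Windows; Linux supports only the file-based setup
        if not text(root, "SSLCertificateFile"):
            findings.append("SSLCertificateFile is empty")
        if platform == "linux" and not text(root, "SSLCertificateKeyFile"):
            findings.append("SSLCertificateKeyFile is empty")
        if text(root, "SSLCertificatePassword"):
            findings.append("SSLCertificatePassword is in clear text: restrict read access to this file")
    return findings
```

Calling `audit_ssl(SAMPLE_WINDOWS, "windows")` reports the deprecated TLS version, the empty certificate path and the clear-text password.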

...