Enabling an HTTPS Connection

Use these instructions to enable the HTTPS connection on each server.

To enable an HTTPS connection, do the following:

1. Obtain and implement a Secure Site SSL certificate. You can purchase an SSL certificate or generate a self-signed certificate. Consult one of the following sections:

   Obtaining and Implementing a Purchased Secure Site SSL Certificate

   • Generating and Implementing a Self-signed Certificate

2. Edit the <CODEINSIGHT_ROOT_DIR>\tomcat\bin\catalina.bat file (or the catalina.sh file depending on your operating system): set -Dcodeinsight.ssl=true (default value is false)

3. Back up the <CODEINSIGHT_ROOT_DIR>\ ``tomcat\conf\server.xml file to another directory (outside of the conf directory).

4. Copy server.xml from <CODEINSIGHT_ROOT_DIR>\tomcat\https to <CODEINSIGHT_ROOT_DIR>\tomcat\conf. The new server.xml file contains a default configuration that references a keystore at <CODEINSIGHT_ROOT_DIR>\tomcat\codeinsight.jks. You will need to update this information as needed for your certificate, as described in step 7.

5. In the server.xml file, locate the following text, and ensure that the SSLEngine value is on:

• Obtaining and Implementing a Purchased Secure Site SSL Certificate

• Generating and Implementing a Self-signed Certificate

  <Listener 
  className="org.apache.catalina.core.AprLifecycleListener" 
  SSLEngine="on" />

1. In the server.xml file, locate for the following text that introduces the section describing the SSL certificate:

   FNCI SSL: Edit this section to match your certificate information. 

   • This section shows the default values for the certificate:

   note

   For security purposes, do not change the default value "TSLV1.2" for the sslEnabledProtocols parameter in this SSL section. Additionally, the “ciphers” value in this section can change over time. Revenera will notify you of any changes to this value so that you can manually update the value here.

2. Update the following parameters in this section to reflect your installed SSL certificate information:

   • keystoreFile—The file name of the keystore containing the certificate

   • keystorePass—The password of the keystore

   • keyAlias—The alias for the certificate entry in the keystore

   • keyPass—The password for the certificate entry

   note

   If the keystore and alias passwords are the same, you can specify keyPass, keystorePass or both.

3. Ensure that the value for the cipher parameter is up to date. If a new set of ciphers is introduced in TLS v1.2, Revenera will notify you and provide you with the new set so that you can replace the current cipher value. (Update the server.xml file found only in <CODEINSIGHT_ROOT_DIR>\tomcat\https.)

4. Restart the Tomcat server after making changes to the server.xml file or to a keystore. For more information, see Enabling Secure HTTP Over SSL.