EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

KB483431: Configure Collaboration Service and Library When Dealing with SSL Certificate Chain

David Guo

Software Engineer • Strategy

Both Library and Collaboration need configuration changes to handle the SSL Certificate chain. This article provides steps to allow the Collaboration Service to properly verify the Library SSL Certificate chain.

Both Library and Collaboration need configuration changes to handle the SSL Certificate chain.
If TLS is not enabled between Library and the Collaboration service, you only need to follow steps 2-4 of General Steps of Collaboration Service.
If you have TLS enabled for connection between Library and Collaboration Service, complete all the steps under General Steps for both Collaboration Service and Library to ensure both services can properly authenticate each other.
 

Collaboration Service

General Steps

  • Generate a .pfx keystore file and save it to the same directory as 
    config.json
    .
    For example:
ka02R000000g5DiQAI_0EM2R000000n9QC.jpeg
  • Copy the Library SSL Certificate chain.
  • Modify the 
    config.json
     file for Collaboration to include the new files.
  • Check the 
    /status
    page to confirm Collaboration Service is running.

Obtain a Copy of Certificate Chain

  1. Open a web browser.
  2. Open the Library page. Make sure to use the Fully Qualified Domain Name in the URL for hostname.
  3. Click the lock icon next to URL > Connection > More Information.
  4. Click View Certificate.
  5. Click the Details tab.
  6. Click Export and select X.509 Certificate with Chain (PEM) as the format.
  7. Save the certificate file to the same directory as your 
    config.json.

Modify config.json

  1. Add the name of your keystore file to the 
    keystoreFile
     field.
  2. Add the name of the chain certificate file to the 
    trustedCerts
     array field.
  3. Add the passphrase value for the keystore file to the 
    passphrase
    field.
    For example:
    "passphrase": "mstr123"

  4. Ensure tslEnabled is set to 
    true.

Library

General Steps

  1. Add a copy of the Collaboration Service 
    keystore
    file to the Library .war file on Tomcat.
  2. Modify 
    configDefaults.properties
    to use the new 
    keystore
    file.
    Note: 
    Truststore
    and 
    keystore
    refer to the same .pfx file.
  3. Modify 
    configOverride.properties
    to point to the Collaboration Service.

Modify configOverride.properties

  1. Add 
    trustStore.path
    field.
    You can find instructions on using a 
    trustStore.path
    field inside the 
    configDefaults.properties
     file.
    It's recommended to save the 
    truststore
    file in the 
    WEB-INF
     folder.

    For example:
    
trustStore.path=/WEB-INF/truststore.pfx

  2. Add the 
    trustStore.passphrase
    field to match the passphrase used for the 
    truststore
    file.
    For example:
    
trustStore.passphrase = pass123

  3. Ensure Library is pointing to the Collaboration Service by adding or modifying the baseURL field.
    For example,
    
service.collaboration.baseURL = http://10.21.69.27.8082

Related

Library Online Help
Installation and Configuration Guide
System Administration Guide

Comment

0 comments

Details

Knowledge Article

Published:

June 28, 2019

Last Updated:

December 13, 2019