NetFlow Logic Documentation
NetFlow Logic Documentation
Home
Downloads
Free Trial
NetFlow Logic Documetation
NetFlow Optimizer™ (NFO) Overview
Core Products
NFO Installation Guide
NFO Administration Guide
Configure the Root SSH Password for the NFO Virtual Appliance
Configure the User Password for the NFO
Assign a Permanent License to NFO
Starting NetFlow Optimizer
Status
Configure Inputs
Configure Outputs
Starting and Stopping NetFlow Optimizer
Enabling and Configuring Modules
Datasets
Services
External Data Feeder for NFO (EDFN)
NetFlow Recorder
Output Options
Tracing and Configuration
User Management
Licensing
Server Configuration Parameters
NFO Server Settings for High-volume Processing (Linux)
Secure Connection Configuration (HTTPS)
High Availability Deployment
Copying NFO Configuration
Working with NFO Service
NFO User Guide
EDFN Installation Guide
EDFN Administration Guide
Release Notes
Integrations and Apps
NetFlow Analytics for Splunk
Integration with Splunk Enterprise Security
Integration with Elasticsearch
Network Metrics Content Pack for VMware vRealize Log Insight
Solutions
Cloud Application Visibility & Security
NetFlow-based DDoS Detection
V2P Network Visibility
FAQ
Frequently Asked Questions
SUPPORT
Troubleshooting Guide
Support Overview
Powered by GitBook

Secure Connection Configuration (HTTPS)

This section describes how to install a certificate from a Certificate Authority into Tomcat. Self-signed certificate is already installed in $NFO_HOME/tomcat/conf/.tomcat_keystore, the keystore password is “password” and private key password is the same.

If you want to replace self-signed certificate to a new one from a Certificate Authority, use following steps from http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

HTTPS parameters are configured in the tomcat/conf/server.xml configuration file (Connector section). All Connector attributes are described here: https://tomcat.apache.org/tomcat-7.0-doc/config/http.html. If keystore path or password are changed, corresponding Connector attributes should be modified.

Create a local Certificate Signing Request (CSR)

In order to obtain a Certificate from the Certificate Authority of your choice you have to create a so called Certificate Signing Request (CSR). That CSR will be used by the Certificate Authority to create a Certificate that will identify your website as "secure". To create a CSR follow these steps:

  • Delete preinstalled self-signed certificate:

$NFO_HOME/java/jre/jre/bin/keytool -delete -alias tomcat \
-keystore $NFO_HOME/tomcat/conf/.tomcat_keystore

  • Create a local Certificate:

$NFO_HOME/java/jre/jre/bin/keytool -keysize 2048 -genkey -alias tomcat \
-keyalg RSA -keystore $NFO_HOME/tomcat/conf/.tomcat_keystore

Note: In some cases you will have to enter the domain of your website (i.e. www.domain.org) in the field "first- and lastname" in order to create a working Certificate.

  • The CSR is then created with:

$NFO_HOME/java/jre/jre/bin/keytool -certreq -keyalg RSA -alias tomcat \
-file certreq.csr -keystore $NFO_HOME/tomcat/conf/.tomcat_keystore

Now you have a file called certreq.csr that you can submit to the Certificate Authority (look at the documentation of the Certificate Authority website on how to do this). In return you get a Certificate.

Import the Certificate

Now that you have your Certificate you can import it into your local keystore. First of all you have to import a so called Chain Certificate or Root Certificate into your keystore. After that you can proceed with importing your Certificate.

  • Download a Chain Certificate from the Certificate Authority you obtained the Certificate from. For Verisign.com commercial certificates go to: http://www.verisign.com/support/install/intermediate.html For Verisign.com trial certificates go to: http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server For Thawte.com go to: http://www.thawte.com/certs/trustmap.html

  • Import the Chain Certificate into your keystore

$NFO_HOME/java/jre/jre/bin/keytool -import -alias root \
-keystore $NFO_HOME/tomcat/conf/.tomcat_keystore \
-trustcacerts -file <filename_of_the_chain_certificate>

  • And finally import your new Certificate

$NFO_HOME/java/jre/jre/bin/keytool -import -alias tomcat \
-keystore $NFO_HOME/tomcat/conf/.tomcat_keystore \
-file <your_certificate_filename>

Please see Import the Certificate into NFO External Data Feeder truststore section in External Data Feeder for NFO Getting Started Guide for additional information.

Previous
NFO Server Settings for High-volume Processing (Linux)
Next
High Availability Deployment
Last updated 2 months ago