Configure HTTPS and Certificate Stores in the Application Server
SSL for MashZone NextGen can be configured in the application server that hosts the MashZone NextGen Server. These instructions cover the basic steps for configuring SSL in Tomcat. See the Tomcat documentation, or the documentation for your application server, for detailed information.
1. If you do not yet have a key store, trust store and certificate for the MashZone NextGen Server, find or create these stores and certificate. See The Certificate Store and Certificates for instructions.
2. Configure Tomcat for secure connections from clients to the MashZone NextGen Server:
a. Edit the server.xml file for Tomcat to uncomment and configure the <Connector> element for SSL/HTTPS 1.1. For example:
<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="conf/tomcat.jks"
           keystorePass="keystrpwd"
           truststoreFile="conf/tomcat.jks"
           truststorePass="truststrpwd" />
This example uses the default Tomcat port, 8443, and mutual SSL, based on the clientAuth value. For a one-way connection, you would set clientAuth to false. This example also uses the default Tomcat certificate store, conf/tomcat.jks, as both the key store and the trust store. See the Tomcat documentation for information on other properties.
b. Once you have configured an HTTPS port in your application server, update the port configuration for the MashZone NextGen Server to listen on that port. See Configure the MashZone NextGen server with custom ports for more information on this step.
c. Enable MashZone NextGen to use secure session cookies:
a. Open the web.xml file located in <MashZone NextGen installation>/apache-tomcat/webapps/mashzone/WEB-INF/ in a text editor.
b. Find the session-config/cookie-config/secure element and change the value to true.
Example (shown with the value false, before the change to true):
<session-config>
    <session-timeout>30</session-timeout>
    <!--
    Set the "secure" flag to true when using HTTPS for enhanced security
    -->
    <cookie-config>
        <secure>false</secure>
    </cookie-config>
</session-config>
Note: Once this is set to true, only HTTPS access will be allowed.
3. If needed, enable MashZone NextGen authentication to use certificates. See Authentication with Digital Certificates/SSL for instructions.
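One way to check the result of steps 2a and 2c before restarting the server, as an added example that is not part of the original documentation or of the product: a Python script that audits a server.xml and a web.xml for the settings described above. The sample XML, the web-app namespace and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the page's examples (not read from a live install).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
             keystoreFile="conf/tomcat.jks" keystorePass="keystrpwd" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config><session-timeout>30</session-timeout>
    <cookie-config><secure>false</secure></cookie-config>
  </session-config></web-app>"""

def is_true(value):
    return (value or "").strip().lower() == "true"

def audit_connectors(server_xml):
    """Map each SSL-enabled connector port to a list of findings."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        if not is_true(a.get("SSLEnabled")):
            continue  # plain HTTP connector, out of scope here
        findings = []
        if a.get("scheme") != "https":
            findings.append("scheme is not https")
        if not is_true(a.get("secure")):
            findings.append("secure is not true")
        if not a.get("keystoreFile"):
            findings.append("keystoreFile missing")
        # Mutual SSL (clientAuth=true) validates client certificates against a trust store.
        if is_true(a.get("clientAuth")) and not a.get("truststoreFile"):
            findings.append("clientAuth=true but no truststoreFile set on the connector")
        report[a.get("port")] = findings
    return report

def cookie_secure(web_xml):
    """True only if session-config/cookie-config/secure is 'true'."""
    nodes = [ET.fromstring(web_xml)]
    for name in ("session-config", "cookie-config", "secure"):
        # Compare local names so a namespaced web.xml still matches.
        nodes = [c for n in nodes for c in n
                 if c.tag.rsplit("}", 1)[-1] == name]
    return any(is_true(n.text) for n in nodes)

if __name__ == "__main__":
    print(audit_connectors(SERVER_XML))
    print("secure cookie:", cookie_secure(WEB_XML))
```

On the constructed samples, the script reports the missing truststoreFile on port 8443 and shows that the session cookie is not yet marked secure.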

Copyright © 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release