7.3 Enabling HTTPS on Appliance

To enable HTTPS on Appliance, perform the following:

  1. Generate a self-signed certificate:

    1. Open the SSH Secure Shell and execute the keytool command.

    2. Go to the Java installed path.

    3. Execute the keytool -genkey -alias xxxx -keyalg RSA command.

    4. Specify the password for keystore.

    5. Specify the hostname as a Fully Qualified Domain Name (FQDN), and the organization details.

      When the keytool command is executed, it generates a public and private key pair and stores it in the keystore file located at /usr/java/jdk1.8.0_91/jre/lib/security.

      The certificate must be signed by a Certificate Authority before it can be added to the trusted store.

  2. Enable the SSL for Service Desk:

    1. To enable SSL connection, enable HTTPS in the server.xml file located at /opt/novell/nsd/ServiceDesk/Server/conf.

    2. Add the Keystore password in the server.xml file.

      The example below uses ‘novell’ as the password; use the password you specified for the keystore. Remove the comment markers around the Connector node to enable SSL.

      <!--<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="SSL" sslEnabledProtocols="TLSv1.2" KeystorePass="novell" ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256"/> -->

    3. Save and restart the server.

  3. Test the HTTPS URL.

    The application should be able to run on HTTPS using the https://localhost:8443 or https://<IP address>:8443 URL.

  4. Enable only HTTPS:

    1. Stop the LiveTime services.

    2. Open the Web.xml file located at /opt/novell/nsd/servicedesk/server/conf and add the following content before the closing </web-app> tag:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <!--auth-constraint goes here if you require authentication-->
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

  5. Restart the services.
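
The Connector in step 2 lists RC4/MD5 suites and suites without forward secrecy alongside the ECDHE/DHE ones, and carries the example password. The following check is an added example, not part of the product or its documentation: it reads a server.xml and reports those settings for each SSL-enabled Connector. The function names and the embedded sample file (a shortened form of the Connector above) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 2, uncommented, with a shortened
# cipher list. A Connector still inside <!-- --> is skipped by the XML parser.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    sslProtocol="SSL" sslEnabledProtocols="TLSv1.2" KeystorePass="novell"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA"/>
</Service></Server>"""

EXAMPLE_PASSWORDS = {"novell", "changeit"}  # this section's example, Tomcat default


def classify_cipher(name):
    """Return the reasons a cipher suite name is a poor choice (empty = ok)."""
    reasons = []
    if "_RC4_" in name:
        reasons.append("RC4 (prohibited by RFC 7465)")
    if name.endswith("_MD5"):
        reasons.append("MD5 MAC")
    if "_ECDHE_" not in name and "_DHE_" not in name:
        reasons.append("no forward secrecy")
    return reasons


def audit_server_xml(xml_text):
    """Return (port, item, reason) findings for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port")
        # Attribute capitalisation differs between configs; compare lower-cased.
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        if attrs.get("keystorepass") in EXAMPLE_PASSWORDS:
            findings.append((port, "keystorePass", "example/default password"))
        suites = [s.strip() for s in attrs.get("ciphers", "").split(",") if s.strip()]
        for suite in suites:
            for reason in classify_cipher(suite):
                findings.append((port, suite, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(*finding, sep="\t")
```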