Configuring a PKCS#12 HTTPS keystore

Depending on customer requirements, you may need to configure LN UI to use an existing keystore in PKCS#12 format for HTTPS communications. This type of keystore file typically has a .pfx or .p12 extension.

To use an existing PKCS#12 keystore:

  1. Establish the basic HTTPS configuration using a self-signed keystore. To do this, complete the steps under Configuring Tomcat HTTPS connector.
  2. Ensure that the PKCS#12 keystore file has a .pfx or .p12 extension.
  3. Locate the conf/server.xml file in the installation directory of the Tomcat web server and open it in a text editor. Complete these steps:
    1. Locate the Connector XML element with SSLEnabled="true".
    2. Replace the value of certificateKeystoreFile with the full path of the PKCS#12 keystore file.
    3. Replace the value of certificateKeystorePassword with the password of the PKCS#12 keystore file.
    4. Save the file and exit the text editor.
  4. Restart the Tomcat web server to apply the changes.
  5. To verify that the configuration was completed successfully, browse to a URL with this format:
    https://server1.initrode.com:8443/webui/servlet/admin

    LN UI Administration Webapp starts.

  6. Use the padlock in the browser's address bar to inspect the certificate information and verify that the expected CA-signed certificate is displayed.
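
The checks from steps 2 and 3 can be scripted and run before Tomcat is restarted. The following Python sketch is an added example, not part of the LN UI or Tomcat documentation. The function name check_keystore_config, the sample server.xml, its keystore path and its password are constructed for illustration, and the sample assumes Tomcat's SSLHostConfig/Certificate layout inside the Connector element.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample; the keystore path and password are placeholders.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="/opt/tomcat/conf/lnui.p12"
                     certificateKeystorePassword="EXAMPLE-PASSWORD"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""


def check_keystore_config(xml_text):
    """Return a list of problems in the HTTPS connector's keystore settings."""
    root = ET.fromstring(xml_text)
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ['no Connector element with SSLEnabled="true"']
    problems = []
    for conn in connectors:
        port = conn.get("port", "?")
        # Search the connector and its children; in the SSLHostConfig layout
        # assumed here the attributes sit on the nested Certificate element.
        holders = [e for e in conn.iter() if "certificateKeystoreFile" in e.attrib]
        if not holders:
            problems.append(f"port {port}: certificateKeystoreFile is not set")
        for el in holders:
            path = el.get("certificateKeystoreFile")
            if not path.lower().endswith((".pfx", ".p12")):
                problems.append(f"port {port}: {path} lacks a .pfx or .p12 extension")
            if not (posixpath.isabs(path) or ntpath.isabs(path)):
                problems.append(f"port {port}: {path} is not a full path")
            if not el.get("certificateKeystorePassword"):
                problems.append(f"port {port}: certificateKeystorePassword is empty")
    return problems


if __name__ == "__main__":
    for problem in check_keystore_config(SAMPLE_SERVER_XML) or ["no problems found"]:
        print(problem)
```

To check a real installation, pass the contents of conf/server.xml to check_keystore_config. Because that file holds the keystore password in clear text, keep it readable only by the account that runs Tomcat.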