Need help with SSL

Julius Alexander shared this question 19 months ago
Answered

So I am trying to get SSL set up. The problem is YF points us toward tomcat documentation on the official tomcat site, while not actually being a typical tomcat install. So I cannot follow their docs word for word nor do I know enough about tomcat to truly grasp how yellowfin differs.


The tomcat docs would have me generate a key using the keytool which creates a .keystore file. The actual system.xml (where I assume I define ssl) has two commented out spaces for it, one looking for a .jks filetype or a .pem neither of which I have from the keytool.


Furthermore I need to restart the tomcat service to test anything. I am assuming that is accomplished by restarting the yellowfin service.


I am running yellowfin on windows server.


Any help on getting the ssl setup would be appreciate greatly.

Comments (1)

photo
1

Hi Julius,

Thanks for reaching out with your question. I'd like to start by pointing you towards our article written for just this, available here. I have written said article with step by step instructions on performing this directly on a Yellowfin installation. This article will guide you through creating a keystore and enabling the secured port.

In regards to your question about the Tomcat service, restarting the Yellowfin service will accomplish that goal.

Please give the above article a go and let me know if you have further questions.

Thanks,

Ryan

photo
1

Thank you Ryan. I've found this article, but I still have questions.


First the article points us to tomcat for generating a key after the keystore is created. However what if I simply want to import a key?


The tomcat docs (and your doc) also do not really go into depth about how the pathing works. So lets say I put the file into c:\yellowfin\appserer\conf\ how would the path specify that in the system.xml? do I point it to the .keystore file? Also how?


I think I'm very close to having this working and I appreciate the help.

photo
1

Hi Julius,

Happy to help! There are a couple of links on the article pointing to just this information. Please review this link for more info.

Essentially, you can simply place the key in an accessible path and point to it in the server.xml file where you configured your connector.

As far as specifying the path, this can be relative or absolute. To expand on that, in your provided example you could either:

absolute: c:\yellowfin\appserer\conf\$keystorefile

or

relative: appserer/conf/$keystorefile

Let me know how it goes.

Thanks,

Ryan

photo
1

Thank you Ryan, Following your examples I put a pfx file in the conf dir and used almost the word for word example you gave, swapping out the file name for my own and swapping the key.


It worked.


You sir are a gentleman and a scholar.

photo
1

Hi Julius,

That's great to hear! I'll go ahead and mark this as answered. Please do not hesitate to reach out with further questions or issues.

Thanks,

Ryan

photo