...

<!-- HTTPS Connector
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true" clientAuth="false"
        sslProtocol="TLS" keystoreFile="${catalina.home}/conf/keystore" keystorePass="password"
        connectionTimeout="20000" maxHttpHeaderSize="32768"
        useBodyEncodingForURI="true" />
-->

frevvo recommends reviewing your Certificate Authority's documentation for detailed steps to configure your certificate in Apache Tomcat. Additional information on how to use SSL on Tomcat can be found on the Apache/Tomcat website. Also refer to this article: How to solve javax.net.ssl.SSLHandshakeException?

There are multiple ways of configuring certificates depending on their format. For example, a PKCS#12 (pfx or p12) certificate doesn't have to be imported into the keystore. It can be configured directly as:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
       scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2"
       keystoreFile="C:\CERTDIRECTORY\CERT.pfx" keystorePass="YourPassword" keystoreType="PKCS12"
       connectionTimeout="40000" maxHttpHeaderSize="32768" useBodyEncodingForURI="true"/>

However, PKCS#7 or P7B formats require importing the certificate chain into the keystore. The Certificate Authority needs to provide all the intermediate certificates to be imported. 
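The following is an added example, not frevvo's or Tomcat's own code: a Python check that parses a server.xml and flags active TLS connectors that still enable SSLv3, TLSv1 or TLSv1.1 (deprecated by RFC 7568 and RFC 8996) or that carry a placeholder keystorePass, as the sample connector above does. The sample XML, the 9444 connector and the name audit_connectors are constructed for illustration, and only the connector-level attributes used on this page are inspected.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the PKCS#12 connector from this page plus a stricter variant.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <!-- <Connector port="9443" SSLEnabled="true" keystorePass="password"/> -->
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2"
               keystoreFile="C:\CERTDIRECTORY\CERT.pfx" keystorePass="YourPassword"
               keystoreType="PKCS12"/>
    <Connector port="9444" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2"
               keystoreFile="conf/keystore.p12" keystorePass="k3-Constructed-Value"
               keystoreType="PKCS12"/>
  </Service>
</Server>"""

# Protocol versions that are formally deprecated (RFC 7568, RFC 8996).
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}
# Documentation placeholders from this page, plus Tomcat's default "changeit".
PLACEHOLDER_PASSWORDS = {"password", "yourpassword", "changeit"}

def audit_connectors(server_xml):
    """Return {port: [findings]} for every active TLS connector."""
    report = {}
    # ElementTree discards XML comments, so commented-out connectors are skipped.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        findings = []
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            findings.append("sslEnabledProtocols not set: versions left to defaults")
        else:
            # The page separates versions with "+"; a comma-separated list is also handled.
            enabled = {p.strip() for p in re.split(r"[+,]", raw) if p.strip()}
            for proto in sorted(enabled & DEPRECATED):
                findings.append(f"deprecated protocol enabled: {proto}")
        pw = conn.get("keystorePass")
        if pw is None or pw.lower() in PLACEHOLDER_PASSWORDS:
            findings.append("keystorePass is missing or a placeholder/default value")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or "no findings")
```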

Currently you must not disable frevvo's http port. In a future release this will be allowed. Disabling frevvo's http port will cause your form server to malfunction, as frevvo requires this port. For most cases it is sufficient to share the https version of your form/flow's URL and leave http open. However, if you want to force all form usage to be over https and feel it is not enough to simply share the https form URLs (as a user can switch to http as long as that port is open), we recommend that you deploy frevvo behind an Apache or IIS server. Close the http port on Apache or IIS but leave Tomcat's http port open so that frevvo can POST back to itself when needed over http but no one outside can access it.

...