The instructions below are for versions 10.0.4 through 11. If you are running a version prior to 10.0.4, please contact email@example.com for more information. If you are running version 12 or newer, you will want to reference one of these articles.
The following steps are to enable SSL support in the instance of Tomcat that MITS installs and uses. This is independent of any other instances of Tomcat that may be running on the server.
This configuration may be lost during an upgrade of MITS. It's likely you'll need to reapply these changes after each upgrade.
A) Create PFX using existing SSL cert from IIS.
- From the web server, click Start
- In the Search programs and files field, type mmc
- From the Programs list, click mmc.exe
- At the permission prompt, click Yes
- From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
- From the list of snap-ins, select Certificates
- Click Add
- Select Computer account
- Click Next
- Select Local computer (the computer this console is running on)
- Click Finish
- In the Add/Remove Snap-in window, click OK
- Save these console settings for future use
- Double-click Certificates (Local Computer) in the center window.
- Double-click the Personal folder, and then Certificates.
- Right-click the certificate you would like to back up and choose All Tasks > Export
- Follow the Certificate Export Wizard to back up your certificate to a .pfx file. Use the "Personal Information Exchange - PKCS #12 (.PFX)" format.
- Choose "Yes, export the private key"
- Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
- Enter a password you will remember
- Choose a location to save the file
- Click Finish
- You will receive the message "The export was successful." Click OK
- The .pfx file backup is now saved in the location you selected.
Take note of the exported PFX filename and the password used. You will need this information later.
B) Make a backup of the server.xml file. It is located here:
[MITS Install Location]/webserver/conf/server.xml
C) Edit the server.xml file by making the changes shown below. Uncomment the SSL connector by removing the <!-- and --> from the ends.
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           URIEncoding="UTF-8"
           keystoreFile="conf/wildcard.cert.pfx"
           keystoreType="PKCS12"
           keystorePass="password_goes_here"/>
1.) Please verify that server.xml contains "address=127.0.0.1"
2.) Additionally, the Connector should ALWAYS remain commented in.
D) Restart the MITS service to pick up new settings.
E) Reconfigure any firewall port(s) to allow 443 to this server.
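Because this configuration may be lost during an upgrade, a check like the following can be rerun against server.xml after each upgrade to confirm the SSL connector from step C is still active. This is an added example, not part of MITS or the original instructions; the function name check_ssl_connector, the base_dir parameter (assumed to be [MITS Install Location]/webserver, against which the relative keystoreFile path is resolved) and the sample XML are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

PLACEHOLDER = "password_goes_here"  # placeholder value shown in step C

def check_ssl_connector(server_xml_text, base_dir=None, port="443"):
    """Return a list of problems with the HTTPS connector; [] means it looks right."""
    # ElementTree discards XML comments, so a connector that is still wrapped
    # in <!-- --> (or was reset by an upgrade) is simply not found here.
    root = ET.fromstring(server_xml_text)
    conn = next((c for c in root.iter("Connector") if c.get("port") == port), None)
    if conn is None:
        return [f"no active Connector on port {port}"]
    problems = []
    if conn.get("SSLEnabled", "").lower() != "true":
        problems.append("SSLEnabled is not true")
    if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
        problems.append("scheme/secure do not mark the connector as HTTPS")
    if conn.get("keystoreType") != "PKCS12":
        problems.append("keystoreType is not PKCS12, the exported .pfx will not load")
    if conn.get("keystorePass") in (None, "", PLACEHOLDER):
        problems.append("keystorePass is missing or still the placeholder")
    keystore = conn.get("keystoreFile")
    if not keystore:
        problems.append("keystoreFile is not set")
    elif base_dir and not os.path.isfile(os.path.join(base_dir, keystore)):
        # base_dir is an assumption: the directory the relative path resolves against
        problems.append(f"keystore not found at {keystore}")
    return problems

# Constructed samples: the connector from step C with a real-looking password,
# with the placeholder left in, and still commented out.
CONNECTOR = ('<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" '
             'maxThreads="150" SSLEnabled="true" scheme="https" secure="true" '
             'clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" '
             'keystoreFile="conf/wildcard.cert.pfx" keystoreType="PKCS12" '
             'keystorePass="{pw}"/>')
WRAP = '<Server><Service name="Catalina">{body}</Service></Server>'
CONFIGURED = WRAP.format(body=CONNECTOR.format(pw="constructed-sample-pass"))
AS_SHIPPED = WRAP.format(body=CONNECTOR.format(pw=PLACEHOLDER))
COMMENTED = WRAP.format(body="<!-- " + CONNECTOR.format(pw=PLACEHOLDER) + " -->")

if __name__ == "__main__":
    for name, xml in [("configured", CONFIGURED), ("placeholder", AS_SHIPPED),
                      ("commented out", COMMENTED)]:
        print(name, "->", check_ssl_connector(xml) or "OK")
```

Since keystorePass is stored in server.xml in clear text, restrict read access on that file and on the .pfx to the account the MITS service runs as.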