Skip to main content

How to apply SSL certificate

OPNBI application can be installed in local machine as well as on server machine. generally it is suggested to install OPNBI on the server machine for centralized access of application over the network. By doing so any user having access of opnbi can access the application through browser over the network.

Objective

Objective of this document is to guide user on how to setup SSL certificate in OPNBI

Prerequisites

  • SSL certificate for Tomcat server (it should be in .pfx file format)

  • Password file for SSL certificate

If application is installed for persoanl use, you can install opnbi in local machine and it will work for a single user.

info

Any user connected on the same network can access the application by using IP address of host machine instead of localhost and rest of the URL as it is.

For example, Host machine has opnbi installed and having machine IP address of 192.168.0.1. Now any user connected on the same netework as host machine connected can access opnbi by using this IP address of host machine. Locally opnbi is accessed by writing http://localhost:port_number/opnbi and remote user can access opnbi by http://192.168.0.1:port_number/opnbi

But in other scenario, if there is requirement in an organization that any user within organization should access the application from browser, you need to provide SSL certificate for opnbi. SSL certificate for tomcat server can be generated by IT department of organization.

In this document we will describe how to configure SSL certificate with opnbi and in what format opnbi accepts SSL certificate.

warning

SSL certificate should be generated for Tomcat Server as opnbi application is hosted on Tomcat Server

Steps to apply SSL certificate

Follow these steps once you have all prerequisite files ready and to link SSL certificate with opnbi;

warning

Please take a backup of server.xml file before making any changes

  1. Place all dependecy files mentioned in prerequisite in to (your_directory)/OPNBI/tomcat/conf folder.

  2. Inside this folder you will see server.xml file. open this file in to any text editor to make changes

  3. In server.xml file you will find SSLHostConfig property somewhere which is commented by default. refer below image for your reference,

    Docusaurus Slash Introduction

  4. Un-comment this code snippet in this file and replace with property as gievn below;

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/certificate_name.pfx"
keystoreType="PKCS12"
keystorePass="certificate_password_hare" />

Field to be updated

In above property following fields need to be updated to apply your SSL certificate,

  • port: provide port number by which certificate is binded. (Generally this info is provided along with certificate by IT person)

  • keystoreFile: you will have .pfx file of your certificate in (your_directory)/OPNBI/tomcat/conf folder. just provide name of certificate provided to you in this property after conf/ path.

  • keystorePass: you will be provided a password for this certificate. write that password here

    Keep all other settings as it is as shown in above code snippet.

  1. Save this file and restart tomcat server to reflect the changes.

  2. Once server is started successfully, try to access opnbi with domain name & port number provided in certificate from outside of the server machine.

info

If opnbi is not accessed from outside of server machine with the domain name provided, try to access with server ip address instead of domain name provided.

Still if you are unable to access application, verify certificate bindings and validate certificate path provided in server.xml file is correct or not.