Running a web application using https is generally e good idea, and nowadays is a must if your application is publicly exposed. Since release 6.3, running Twproject on https is necessary to enable desktop notifications.
Configuring Tomcat with https certificate requires some IT skills but there are several guides available online that can be of help to guide you in this procedure.
The Tomcat official giodelines is available here:
Sometimes the guides supplied by the certificate authorities are simpler, so we suggest you to check the one of your certificate provider before proceeding, try to find the guide that is simpler for you.
Here for example there is the one provided by GoDaddy, the one we use to manage our website certification:
In our experience, we create an handcrafted guide that should not replace the one supplied by the certificate provider but could be of help, just to understand the main steps to follow.
This guide works for Windows, but it will work for Linux too with some syntax changes:
The certification process consists in 4 phases:
- Private key generation
- Certification request to authority
- Certification Installation
- Tomcat configuration
Private key generation
To Create the private key open command console and navigate to C:\Program Files\teamwork\jre\bin (check your Twproject installation folder)
Now generate the key with the following command:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore pwd: [keystorepassword] last name: [Twproject public server name e.g. tw.acme.com] organization unit: [your organization name e.g IT Departement] Organization: [Your Company Name e.g. Acme] city: [Your city] state/province: [Your state/province] country:[Your country code two letters e.g IT]
Insert again the same password of keystore
Certification request to authority
Generate now the certification request:
keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore
Send the request to the certification authority following your provider guidelines, this could require several hours.
One your certificate is emitted download it and import it on the keystore:
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file certificate from CA.crt
Modify Tomcat conf/server.xml to enabled https :
<Connector port="80" enableLookups="false" redirectPort="443" URIEncoding="UTF-8" connectionTimeout="20000" sisableUploadTimeout="true" maxHttpHeaderSize="1048576" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" keystoreFile="C:\program files\teamwork\https\tomcat.keystore" keystorePass="keystorepassword"/>
in order to force https on /conf/web.xml use these tags
At the end of these process restart Tomcat.
This should be everything you need to run Twproject on https.