Adding a Certificate to Chronicall for HTTPS
Self Signed Certificate
Step 1: Create a keystore and self-signed certificate using the Java keytool keytool -keystore chronicallkeystore.jks -genkey -alias chronicall -keyalg RSA
- Follow the Prompts
Step 2: Update Chronicall settings
To do this:
- Under the Admin (System) section found on the left-hand side of the Chronicall main page, select the "System Settings" option.
- Select "Advanced Settings"
- Locate the "HTTPS Configuration" section and select the ellipses (...) to the right.
The HTTPS Settings window will then appear.
- Set the HTTPS Enabled option to "True"
- Set Keystore Directory to chronicallkeystore.jks (usually located in the same directory as keytool)
- Set "Keystore Password" to match the password that was created during the keystore creation (Step 1)
- Set "Allow Self-Signed" to "True"
- Click OK, then click "Save" at the bottom of the page.
Note: Once the settings have been saved, you will need to restart the Chronicall services for the change to take effect. To do so, see this article.
Requesting and Importing Certificate from a known Certificate Authority
Step 1: Create a keystore keytool -keysize 2048 -genkey -alias chronicall -keyalg RSA -keystore chronicallkeystore.jks
- Follow the prompts
Step 2: Create a CSR (Certificate Signing Request)
keytool -certreq -keyalg RSA -alias chronicall -file chronicall.csr -keystore chronicallkeystore.jks
- Follow the prompts
Step 3: Send chronicall.csr (usually located in same directory as keytool) to your CA provider.
Step 4: Once your certificate is issued import the root certificate
keytool -import -alias root -keystore chronicallkeystore.jks -trustcacerts -file [name of the root certificate]
Step 5: Import the intermediate certificate
*keytool -import -alias intermed -keystore chronicallkeystore.jks -trustcacerts -file [name of the intermediate certificate]
Step 6: Import the issued certificate
keytool -import -alias tomcat -keystore chronicallkeystore.jks -trustcacerts -file [name of the certificate]
- Update the server.xml file with the correct keystore location in the Tomcat directory.
Step 7: Update the Chronicall settings
To do this:
- Under the Admin (System) section found on the left-hand side of the Chronicall main page, select the "System Settings" option.
- Select "Advanced Settings"
- Locate the "HTTPS Configuration" section and select the ellipses (...) to the right.
- Set the HTTPS Enabled option to "True"
- Set Keystore Directory to the path of chronicallkeystore.jks (usually Java/jre/bin)
- Set "Keystore Password" to match the password that was created during the keystore creation (Step 1)
Note: Once the settings have been saved, you will need to restart the Chronicall services for the change to take effect. To do so, see this article.
Updated over 5 years ago