SSL / HTTPS

If you prefer to avoid the command line, you should be able to do the same thing with one of these tools.

Consider a free certificate (not self-signed) as an alternative to not using SSL.

0) Quick GoDaddy example

1) Prepare

Before creating an HTTPS connection, back up the multiserver.conf file, located in the "cfg" directory inside the install directory.

Add keytool to your path if it is not already there:

SET PATH=%PATH%;%PROGRAMFILES%\java\jre8\bin

2) Generating an X509 Certificate and Keystore

keytool -genkey -alias noodle.domain.tld -keysize 2048 -validity 365 -keyalg RSA -keystore noodle.keystore

The alias MUST be the domain name (this restriction permits the use of SSL SNI).
Once this command has been entered, the keytool will ask some questions regarding your company. Enter information as follows:

  • Keystore Password: The first time you run this tool, it will create the keystore file protected by a password. You will need this password every time you access the keystore file.
  • First and Last name: MUST be the domain name, for example intranet.company.com
  • Name of organizational unit: This is not the company name, but may be an internal department, for example Marketing Department
  • Name of your organization: Your company name, for example Vialect Inc
  • City or location: For example, Windsor
  • State or Province: For example, Ontario
  • 2-Letter Country code: For example, CA
  • Certificate password: This can be the same as the password for the keystore file

3) It is common but optional to get your Certificate Signed

Popular Certificate Authorities (CA) include Thawte, VeriSign, GoDaddy, and Network Solutions.

Make a certificate request:

keytool -certreq -sigalg SHA256withRSA -alias noodle.domain.tld -keystore noodle.keystore -file noodlecert.csr

You want to get your CSR signed for a "Tomcat" server. Contact your Signing Authority for help getting your CSR signed.

Importing root certificates:

keytool -import -alias carootcert -trustcacerts -file ca-root.crt -keystore noodle.keystore

Importing intermediate certificates if there are any:

keytool -import -alias intermediate -trustcacerts -file intermediate.crt -keystore noodle.keystore

Applying the Certificate Signature:

keytool -import -alias noodle.domain.tld -trustcacerts -file noodlecert.crt -keystore noodle.keystore
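
A pre-flight check for the keystore built in steps 2 and 3, as an added example (not part of the original Noodle documentation): it parses the output of `keytool -list -v -keystore noodle.keystore` and flags a wrong alias or CN, a missing private key, a certificate that is still self-signed, a weak signature algorithm, or a short key. The sample output is constructed with deliberate problems, and the field labels are assumed to match your JDK's keytool.

```python
import re

# Constructed sample of `keytool -list -v` output with deliberate problems
# (fingerprint lines omitted); field labels are assumed to match your JDK.
SAMPLE = """\
Alias name: noodle.domain.tld
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=noodle.domain.tld, OU=Marketing Department, O=Vialect Inc, L=Windsor, ST=Ontario, C=CA
Issuer: CN=noodle.domain.tld, OU=Marketing Department, O=Vialect Inc, L=Windsor, ST=Ontario, C=CA
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key
"""

def field(text, label):
    """Return the first value printed after 'label:', or '' when absent."""
    m = re.search(r"^%s:[ \t]*(.+)$" % re.escape(label), text, re.MULTILINE)
    return m.group(1).strip() if m else ""

def check_entry(text, domain):
    """Check one alias block against the rules in steps 2 and 3; return findings."""
    findings = []
    owner, issuer = field(text, "Owner"), field(text, "Issuer")
    if field(text, "Alias name").lower() != domain.lower():
        findings.append("alias is not the domain name")
    if field(text, "Entry type") != "PrivateKeyEntry":
        findings.append("no private key under this alias")
    cn = re.search(r"CN=([^,]+)", owner)  # first Owner line is the server certificate
    if not cn or cn.group(1).strip().lower() != domain.lower():
        findings.append("certificate CN is not the domain name")
    if owner and owner == issuer:
        findings.append("self-signed: CA reply not imported yet")
    if re.match(r"(MD2|MD5|SHA1)with", field(text, "Signature algorithm name"), re.I):
        findings.append("weak signature algorithm")
    bits = re.match(r"(\d+)-bit RSA", field(text, "Subject Public Key Algorithm"))
    if bits and int(bits.group(1)) < 2048:
        findings.append("RSA key shorter than 2048 bits")
    return findings

if __name__ == "__main__":
    for finding in check_entry(SAMPLE, "noodle.domain.tld"):
        print("WARN:", finding)
```

An "Entry type" other than PrivateKeyEntry usually means the signed certificate was imported under a different alias than the one used to generate the key, so the server has no key to pair with it.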

4) Creating an HTTPS Connection using the Enhydra Console

The first step is to access the Enhydra console. This is located on the Noodle server on port 8001. Open a browser and type in either the URL or IP address followed by the port as follows:

http://192.168.0.101:8001 or http://intranet.mycompany.com:8001

You will now be prompted for a username and password. These will have been configured during the installation process. Once the username and password have been entered correctly, the console itself will open up. Click on the intranet application and then the Connections tab.

Any existing HTTPS connections must be removed from the list of connections in the Enhydra console.

Then click on the Create Connection button at the top-right of the connections section. This will open up a new window which will allow a new connection to be created. Click on the HTTPS radio button at the top of the window to expand the window to allow the new connection to be configured.

There are 3 settings to be altered:

Client Authentication - This field should be set to false.
Key Store Location - This field should contain the path and filename for the keystore file created in step 2.
Password - This field should contain the password for the keystore file.

Once the connection has been completed, ensure the new HTTPS connection is enabled. Click the Save State button on the left-hand menu.

The new connection has now been completed and Noodle can now be accessed using the HTTPS protocol. The new URL for your Noodle will be almost identical, except now it will be preceded by HTTPS, instead of the old HTTP, as follows:

HTTPS://192.168.0.101
or
HTTPS://mycompany.intranet.com

5) Optional Redirect HTTP to HTTPS

Read how here.

7) Optional Use Strong encryption

Read how here.

Converting