By default, Teamwork Cloud, AuthServer and WebApp use a self-signed certificate that is provided with the build. However, for production environments, it is highly recommended to use a certificate signed by trusted certificate authorities (CA). The steps described on this page should be followed in order to replace the self-signed certificate with a CA certificate, providing that you already have a private key and a certificate signed by a trusted CA.
Changing the self-signed certificate to a CA certificate
To change the self-signed certificate to a CA certificate
Update the keystore file with the new private/public key. The default keystore is located at <TWC_installation_directory>\configuration\keystore.p12. To do so, follow the steps:
Create a PKCS 12 file with the OpenSSL tool.
openssl pkcs12 -export -in <public_key_name>.crt -inkey <private_key_name>.key -out keystore.p12
Copy the keystore.p12 file to the <TWC_installation_directory>\configuration directory, replacing the default file with the new one.
Note for Windows users
- You can download OpenSSL binaries for Windows operating system from http://gnuwin32.sourceforge.net/packages/openssl.htm.
- All commands should be run with administrator rights in the directory where the OpenSSL executable resides.
Add the public certificate file to the <TWC_installation_directory>\AuthServer\config\truststore directory.
Delete the truststore.jks file located at <TWC_installation_directory>\AuthServer\config\truststore.jks.
If the default configuration (file names, locations, passwords, aliases, etc.) is not changed, no additional steps are necessary. If, however, you are changing the default configuration, then you also need to update the relevant properties in the corresponding files, as described below.
Teamwork Cloud
Update the default values for the properties indicated below in the <TWC_installation_directory>\configuration\application.conf file if any of the applicable values were changed.
https {
# the file name of the certificate or the key store (should be a full path)
file = "AuthServer/config/truststore/teamworkcloud.crt"
}
ssl {
keystorePath = "configuration/keystore.p12"
keystoreType = "pkcs12"
keystorePassword = "nomagic"
keyPassword = "nomagic"
}
cassandra {
enabled = false
keystorePath = "configuration/keystore.p12"
keystoreType = "pkcs12"
keystorePassword = "nomagic"
truststorePath = "configuration/keystore.p12"
truststoreType = "pkcs12"
truststorePassword = "nomagic"
}
AutherServer
Update the default values for the properties indicated below in the <TWC_installation_directory>\AuthServer\config\authserver.properties file if any of the applicable values were changed.
server.ssl.key-store=../configuration/keystore.p12 server.ssl.key-store-type=PKCS12 server.ssl.key-store-password=nomagic server.ssl.key-password=nomagic server.ssl.key-alias=teamworkcloud
WebApp
Update the default values for the properties indicated below in the <TWC_installation_directory>\WebAppPlatform\conf\server.xml file if any of the applicable values were changed.
<Certificate certificateKeystoreFile="../configuration/keystore.p12" certificateKeystorePassword="nomagic" type="RSA" />
All 3 services (Teamwork Cloud, Authserver, and Webapp) must be restarted once all of the configuration changes are completed.