Hi Yang,

You should have a look at https://letsencrypt.org/zh-cn/

HTH

Jacques

Le 28/08/2024 à 17:30, 雷咩咩 a écrit :
hi ofbiz users,




I've successfully started ofbiz and reverse proxied by nginx, can visit 
by https://leiyang.icu/accounting/control/login.

However, as I also have other websites using this domain(on some other 
locations), I'd like to configure ssl certificate for ofbiz on port 8443,

and want to visit it by https://leiyang.icu:8443/accounting/control/login

is it possible?




I read the docs which says:




...omitted previous steps since my jks cert can be directly downloaded from my 
vendor, also has a password file containing the plain text password.

5. Import the Certificate into the keystore by running:
"keytool -import -alias ssl -trustcacerts -file mysignedcert.cer -keystore [keystore 
name]"
6. Configure the framework\catalina\ofbiz-component.xml file to point to your 
new keystore and password:
If using Tomcat (Catalina), which is the default, find the "catalina-container" -> "https-connector" 
-> "keystoreFile" and "keystorePass" properties
and set them.






I have configured framework\catalina\ofbiz-component.xml to be like this:

&nbsp; &nbsp; &nbsp; &nbsp; <property name="https-connector" 
value="connector"&gt;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <property name="default" 
value="certificate"&gt;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <property 
name="certificateKeystoreFile" value="/home/ecs-user/certs/leiyang.icu.jks"/&gt;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <property 
name="certificateKeystorePassword" value="mypassword"/&gt;






but accessing 8443 url got insecure error.




Could anyone tell me why, and how to investigate?

My certificate is valid(otherwise my main site on 443 port cannot work).




Must I run the keytool command? i see 8443 cert is still the apache one, seems 
my settings not work at all.

My vendor provides following cert formats:




Nginx pem/key,&nbsp;Tomcat pfx,&nbsp;Apache crt/key,&nbsp;IIS pfx,&nbsp;JKS 
jks,&nbsp;pem/key,&nbsp;root crt/cer




Regards,

Yang

Reply via email to