How to Apply SSL for Web UI and ASAP for Release Automation
For every machine where a certificate is to be generated (usually this means NAC, NES and Agent), the following conditions must apply:
Set the JDK bin path in Windows Server, so that keytool, jar and jarsigner can be run from the command line.
1. Open a command line in the NAC folder.
2. Run the following 6 commands one by one and follow their prompts.
a) keytool -genkeypair -keyalg RSA -keysize 2048 -keystore conf/custom-keystore.jks -alias nac-env
b) keytool -exportcert -alias nac-env -file nac.crt -keystore conf/custom-keystore.jks -v
c) keytool -importcert -alias nac-env -file nac.crt -keystore conf/custom-truststore.jks -v -rfc
d) keytool -importcert -alias nac-env -file nac.crt -keystore nolio.jks -v -rfc
e) jar cvf custom-truststore.jar nolio.jks
f) jarsigner -keystore conf/custom-keystore.jks -verbose -keypass PASSWORD custom-truststore.jar nac-env
3. Copy the file custom-truststore.jar (created in step 2) to \webapps\nolio-app\apps\v2.0.0\lib\
4. Create the file \conf\security-customization.properties and populate it with the following line:
ui.trustStorePassword=<plaintext password for keystore generated for custom-truststore.jar>
5. Locate the file \conf\server.xml
6. Make a copy of this file and name it server.xml.original
7. Open server.xml
8. Modify the “Connector” section in server.xml as follows (4 changes):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
compression="on"
compressionMinSize="102400"
compressableMimeType="application/x-java-serialized-object"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
keyAlias="nac-env"
keystoreFile="conf/custom-keystore.jks"
keystorePass="<plaintext password for keystore>"
maxSwallowSize="-1">
</Connector>
9. Close all instances of ASAP and ROC.
10. Clear the Java cache by running: javaws -uninstall
11. Restart the NAC service.
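
A check for the edited server.xml from step 8, as an added example that is not part of the original procedure or of the product's own tooling. The function name `audit_server_xml`, the sample XML and the `EXAMPLE-ONLY` password are constructed for illustration; the script confirms the HTTPS Connector carries the keystore attributes and flags TLS versions deprecated by RFC 8996 and the plaintext keystore password.

```python
import xml.etree.ElementTree as ET

# Attributes the HTTPS Connector in step 8 relies on.
REQUIRED = ("keyAlias", "keystoreFile", "keystorePass", "sslEnabledProtocols")
# TLS 1.0 and 1.1 are deprecated by RFC 8996; SSLv3 by RFC 7568.
LEGACY = {"TLSv1", "TLSv1.1", "SSLv3", "SSLv2Hello"}

def audit_server_xml(xml_text):
    """Return a list of (port, finding) tuples for SSL-enabled Connectors."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connectors are out of scope here
        port = conn.get("port", "?")
        for attr in REQUIRED:
            if not conn.get(attr):
                findings.append((port, f"missing {attr}"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
        protos = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
        for p in sorted(protos & LEGACY):
            findings.append((port, f"legacy protocol enabled: {p}"))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass is plaintext: restrict read access to server.xml"))
    return findings

# Constructed sample mirroring the Connector from step 8 (password is a placeholder).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
             keyAlias="nac-env" keystoreFile="conf/custom-keystore.jks"
             keystorePass="EXAMPLE-ONLY"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, msg in audit_server_xml(SAMPLE):
        print(f"Connector {port}: {msg}")
```

Because server.xml and security-customization.properties both hold keystore passwords in plaintext, the same review should confirm that only the service account and administrators can read them.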
To verify Web UI Certificates Were Applied