The Faddom server comes pre-configured with a self-signed SSL certificate. It is recommended to replace the certificate with one of your own. Following are instructions on changing the certificate that the Faddom server uses.
Creating a new certificate
In most cases, you will want to create a new certificate for Faddom using your organization's CA. If for some reason you want to create a new self-signed certificate, you can use OpenSSL and the following command:
sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 365
sudo openssl pkcs12 -export -out keyStore.p12 -inkey key.pem -in cert.pem
In this guide, we will show how to update the certificate using a certificate and key in the PKCS12 format, but this can be done using other common formats as well.
Creating a Java key store
Linux
Once you have a new certificate and key, you need to convert it to a format that is usable by Tomcat. This can be done using the java keytool utility. This utility is available in any Java installation and is also included in the Faddom virtual appliance.
In order to create a new keystore, use the following command:
sudo keytool -importkeystore -destkeystore <path> -srckeystore keyStore.p12 -srcstoretype PKCS12
Enter the password for your key when prompted and set a password for the new keystore.
Windows
To open the Java keytool in Windows, open CMD and navigate to C:\<Faddom Install>\Java\Bin. Then Enter the command
keytool -importkeystore -destkeystore <path> -srckeystore keyStore.p12 -srcstoretype PKCS12
Updating the Faddom server to use the new certificate
Linux
You now need to change the Keystore that Tomcat uses, you now need to do the following via SSH
Enter the command
sudo vi /usr/local/tomcat9/conf/server.xmlIn that file, locate the Connector element listening on port 9443. Change the keystoreFile attribute and point it at your new keystore. Also, make sure to update the keystorePass attribute to the correct password for your keystore.
Change the owner of the file to allow Faddom to use it
sudo chown -R tomcat:tomcat <keystorepath>Restart Tomcat
sudo systemctl restart tomcat
Windows
Open your text editor of choice as admin and open the file C:\Program Files\Faddom\Tomcat\server.xml
In that file, locate the Connector element listening on port 9443. Change the keystoreFile attribute and point it at your new keystore. Also, make sure to update the keystorePass attribute to the correct password for your keystore.
Change the owner of the file to allow Faddom to use it. To do this, right-click on the file (you may need to enable Show Hidden Folders) and then open Properties > Security tab > Advanced > Change Owner select NetworkService
Restart the Tomcat service through Windows Services
Access the Faddom UI via Chrome and you will now be using the custom certificate
You should now be using the new certificate in your server.