Changing the Faddom server SSL certificate
Written by Alex Patnick
Updated over a week ago

The Faddom server comes pre-configured with a self-signed SSL certificate. It is recommended to replace the certificate with one of your own. The instructions below explain how to change the certificate that the Faddom server uses.

Creating a new certificate

In most cases, you will want to create a new certificate for Faddom using your organization's CA. If for some reason you want to create a new self-signed certificate, you can use OpenSSL and the following commands:

sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 365
sudo openssl pkcs12 -export -out keyStore.p12 -inkey key.pem -in cert.pem

In this guide, we will show how to update the certificate using a certificate and key in the PKCS12 format, but this can be done using other common formats as well.

Creating a Java key store

Linux

Once you have a new certificate and key, you need to convert them to a format that Tomcat can use. This can be done using the Java keytool utility, which is available in any Java installation and is also included in the Faddom virtual appliance.

In order to create a new keystore, use the following command:

sudo keytool -importkeystore -destkeystore <path> -srckeystore keyStore.p12 -srcstoretype PKCS12

Enter the password for your key when prompted and set a password for the new keystore.

Windows

To open the Java keytool in Windows, open CMD and navigate to C:\<Faddom Install>\Java\Bin. Then enter the command:

keytool -importkeystore -destkeystore <path> -srckeystore keyStore.p12 -srcstoretype PKCS12

Updating the Faddom server to use the new certificate

Linux

You now need to change the keystore that Tomcat uses. To do this, perform the following steps via SSH:

  1. Enter the command
    sudo vi /usr/local/tomcat9/conf/server.xml

    In that file, locate the Connector element listening on port 9443. Change the keystoreFile attribute and point it at your new keystore. Also, make sure to update the keystorePass attribute to the correct password for your keystore.

  2. Change the owner of the file to allow Faddom to use it
    sudo chown -R tomcat:tomcat <keystorepath>

  3. Restart Tomcat
    sudo systemctl restart tomcat
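
As an added example (not part of the original article or Faddom's own tooling), the following Python check reads server.xml after the steps above and reports problems with the Connector on port 9443: a missing keystoreFile or keystorePass, a keystore path that does not exist, and a keystore or server.xml that users other than the owner and group can access. The sample XML, the keystore file name and the password are constructed for the demonstration, and the check assumes keystoreFile is an absolute path.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of server.xml (not Faddom's real file).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="{keystore}" keystorePass="{password}"/>
</Service></Server>"""


def audit_connector(server_xml_path, port="9443"):
    """Return findings for the Connector on `port` (keystoreFile assumed absolute)."""
    root = ET.parse(server_xml_path).getroot()
    conns = [c for c in root.iter("Connector") if c.get("port") == port]
    if not conns:
        return [f"no Connector listening on port {port}"]
    findings, conn = [], conns[0]
    keystore = conn.get("keystoreFile")
    if not keystore:
        findings.append("keystoreFile attribute is not set")
    elif not os.path.isfile(keystore):
        findings.append(f"keystoreFile does not exist: {keystore}")
    elif stat.S_IMODE(os.stat(keystore).st_mode) & stat.S_IRWXO:
        findings.append(f"keystore is accessible to other users: {keystore}")
    if not conn.get("keystorePass"):
        findings.append("keystorePass attribute is not set")
    # server.xml stores keystorePass in clear text, so its permissions matter too.
    if stat.S_IMODE(os.stat(server_xml_path).st_mode) & stat.S_IRWXO:
        findings.append("server.xml (contains keystorePass) is accessible to other users")
    return findings


def demo(keystore_mode, xml_mode, port="9443"):
    """Build a constructed keystore and server.xml in a temp dir, then audit them."""
    with tempfile.TemporaryDirectory() as d:
        ks = os.path.join(d, "faddom.jks")  # hypothetical keystore file name
        open(ks, "wb").close()
        os.chmod(ks, keystore_mode)
        xml = os.path.join(d, "server.xml")
        with open(xml, "w") as f:
            f.write(SAMPLE_SERVER_XML.format(keystore=ks, password="example-pass"))
        os.chmod(xml, xml_mode)
        return audit_connector(xml, port)


if __name__ == "__main__":
    print(demo(0o644, 0o644), demo(0o640, 0o640))
```

On a real server, call audit_connector with the server.xml path from step 1; an empty list means none of these checks fired.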

Windows

  1. Open your text editor of choice as admin and open the file C:\Program Files\Faddom\Tomcat\server.xml
    In that file, locate the Connector element listening on port 9443. Change the keystoreFile attribute and point it at your new keystore. Also, make sure to update the keystorePass attribute to the correct password for your keystore.

  2. Change the owner of the file to allow Faddom to use it. To do this, right-click on the file (you may need to enable Show Hidden Folders), open Properties > Security tab > Advanced > Change Owner, and select NetworkService.

  3. Restart the Tomcat service through Windows Services

Access the Faddom UI via Chrome. Your server should now be using the new certificate.
