Altair® Panopticon

 

Enabling SSL for the Panopticon Visualization Server

The steps shown in this guide use the keytool command for managing keyStores and certificates. The keytool command is part of the Java distribution and can be found in the JAVA_HOME\bin. Make sure you have the JAVA_HOME\bin folder in your PATH environment variable, in order to run the command. Details on the keytool command can be found here: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

Follow the steps below to configure SSL for the Panopticon Visualization Server.

Steps:

1.    Change directory to the CATALINA_HOME\conffolder, which is where we want to generate the Tomcat keystore.

2.    Create a keyStore file to store the private key and self-signed certificate used to identify the server:

keytool -genkey -alias myalias -keyalg RSA -keystore keystore.jks

NOTE

Java is strict when validating the certificate of a host.

If the domain name store in the certificate does not match the domain of the server, the connection will be rejected. Enter the target domain name (www.mydomain.com) when keytool asks for “your first and last name”, when running the command above.

 

3.    Add an SSL HTTP/1.1 Connector entry in $CATALINA_BASE/conf/server.xml

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/keystore.jks" keystorePass="keystorepassword" clientAuth="false" sslProtocol="TLS"/>

 

4.    Disable unencrypted server access by commenting out the default HTTP connector for port 8080.

<!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->

 

5.    After completing the configuration changes, you must restart Tomcat. When the process is back up you should be able to connect over SSL using the URL below:

https://localhost:8443/panopticon

Details on how to configure Apache Tomcat SSL can be found at:

https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html