Introduction:

This document provides step-by-step instructions for setting up a LaunchWorks server to use SSL encryption for communications between Apache Tomcat and the various application components such as Report Launch and Dashboard Launch. In this case the certificate authority is GoDaddy.com, which has the most reasonable prices for the SSL certificates needed to secure the site.

References:

https://support.godaddy.com/help/article/5269/generating-a-certificate-signing-request-csr-apache-2-x

 

Getting Started:

  • Log into the LaunchWorks server with an administrator capable account.

  • This process requires Apache 2.2 or above to be installed on the target server.

  • Open a CMD window and navigate to the root of the drive where the LaunchWorks server software is installed. This is frequently the C:\ drive on a virtual server, but check for the LaunchWorks folders to make certain where the LaunchWorks software is located, i.e. Apache Software Foundation\Apache2.2\bin

  • Navigate to the root of the installation drive for the LaunchWorks software (C: or D:)

  • Create a directory called SSL, i.e. mkdir SSL

 

Generate the Key and CSR

  • Enter the following commands (assumes C: is the installation drive)

    • CD C:\Program files (x86)\Apache Software Foundation\Apache2.2\bin

    • openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr -config "C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf"

      • If you still encounter the error:

        • WARNING: can't open config file: /usr/local/ssl/openssl.cnf openssl:Error: '-config' is an invalid command.

        • Then execute the following command first:

          • set OPENSSL_CONF=C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf

Input the information for the Certificate Signing Request. This information will be displayed in the certificate.

Note: The following characters are not accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:Texas

Locality Name (eg, city) []:Boerne

Organization Name (eg, company) [Internet Widgits Pty Ltd]:LaunchWorks

Organizational Unit Name (eg, section) []:RapidStack

Common Name (e.g, server FQDN or YOUR name) []:trial.rapidstack.net

Note: DO NOT Enter the following:

Email Address []:

A challenge password []:

An optional company name []:

  • Copy the CSR and key files created to the SSL directory created earlier

    • copy yourdomain.* c:\ssl

  • Open the yourdomain.csr file in Notepad. It should look like this:

  • You will use this information to activate your certificate with your certificate provider.

  • When you copy this information, select all of the file, i.e. Control-A

 

Obtaining an SSL Certificate from GoDaddy.com

GoDaddy.com is a Certificate Authority that provides SSL certificates used to secure websites. Start by navigating to GoDaddy.com, where you will need to create an account to purchase an SSL certificate. Log into your GoDaddy account (launchworks/Q****4) and choose SSL & Site Protection from the All Products menu. Select the link to purchase an SSL Certificate. Follow the process to purchase an SSL Certificate; once the purchase has been completed, an SSL certificate will be added to your “My Account” information.


  • While logged into GoDaddy.com, click on the “My Account” links to display the products that you have purchased from GoDaddy.com. Click on the “+” in front of “SSL CERTIFICATES” to see your new certificate.

  • If you have completed the creation of your “apache.csr” file in the prior steps, you can now open the “apache.csr” file in Notepad and copy the entire contents to the Windows clipboard (Ctrl-A, Ctrl-C).

  • To activate your certificate click on the OPTIONS link next to your new certificate. This will display a screen that will tell you that your certificate is pending activation. Click on the Launch Control Center button on the top right.

  • If you are using an existing certificate, click on the Rekey button.

  • This will present a screen where you can paste the contents of the “apache.csr” file into the area labeled “Enter your Certificate Signing Request (CSR) below:” and complete the page to perform Domain Validation.

  • Wait on the Certificate Request Verification screen and monitor Verification Progress

 

 

 

If creating a certificate for a non-LaunchWorks domain, you will be prompted to take additional steps to verify Domain Ownership:

  • Use the Download HTML page link. You will copy this file to the domain host system.

  • If the domain host has IIS installed, you will need to stop the World Wide Web Publishing service, as by default both IIS and Apache listen on port 80.

  • Make the downloaded page accessible on the domain host system (e.g. http://exchange.joshuacreek.com/EnfEAyat.html). This can be done by placing the html file in <Apache Server Root>/htdocs directory (e.g. C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\EnfEAyat.html)

  • Once this process is complete, the certificate will be generated. You will be able to download from the GoDaddy site the ZIP file with all the required certificates that will be installed on the server. Place a copy of this file on the server so the certificates can be installed.

  • The link will take you to a site to download the certificate and root certificates that must be installed along with your new SSL certificate.

  • Click on Download to download a ZIP file with your certificates.

  • Choose the Apache

 

 

 

Install SSL Certificates in Apache

Source: https://www.sslshopper.com/apache-server-ssl-installation-instructions.html and https://support.godaddy.com/help/article/5238/installing-an-ssl-certificate-in-apache

Edit the /conf/httpd.conf file

1) Remove the # in front of the following two lines:

LoadModule ssl_module modules/mod_ssl.so

AND

Include conf/extra/httpd-ssl.conf

2) Change httpd-ssl.conf to lw-ssl.conf in the Include line

3) Save the httpd.conf file

Place the lw-ssl.conf file into the conf/extra/ directory

1) Update the file for your domain and server

NOTE: If you are configuring an additional domain, create new Listen, NameVirtualHost and VirtualHost sections

  1. Update the domain name in the sections for Server Certificate, Server Private Key and Server Certificate Chain

  2. Update the IP address

Listen 9443

NameVirtualHost ipaddress:443

<VirtualHost ipaddress:443>

SSLEngine On

SSLProtocol all -SSLv2

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLCertificateFile "C:/SSL/234876716.crt"

SSLCertificateKeyFile "C:/SSL/domain.key"

SSLCertificateChainFile "C:/SSL/gd_bundle-g2-g1.crt"

<Location "/launch/">

 <IfModule proxy_module>

 ProxyPass http://ipaddress:8080/launch/

 ProxyPassReverse http://ipaddress:8080/launch/

 </IfModule>

</Location>

</VirtualHost>
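A pre-start check for lw-ssl.conf, added here as an example (it is not part of the original document or of LaunchWorks). It flags slips that keep this virtual host from serving TLS safely: curly quotes or an "=" pasted in from a word processor, a VirtualHost port with no matching Listen, SSLv3 left enabled, and a missing certificate directive. The function name lint_ssl_conf, the sample text and the address 192.0.2.10 are constructed for illustration.

```python
import re

REQUIRED = ("sslengine", "sslcertificatefile", "sslcertificatekeyfile")

def lint_ssl_conf(text):
    """Return (line_no, message) findings for an Apache 2.2 SSL vhost file."""
    findings, listen, vhosts, seen = [], set(), [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<?([A-Za-z]+)", line)
        name = m.group(1).lower() if m else ""
        seen.add(name)
        # Curly quotes come from word processors; Apache needs ASCII quotes.
        if re.search("[\u201c\u201d\u2018\u2019]", line):
            findings.append((no, "curly quote"))
        # Directives take space-separated arguments, never NAME=value.
        if re.match(r"[A-Za-z]+\s*=", line):
            findings.append((no, "'=' after directive name"))
        if name == "listen":
            listen.add(line.split()[-1].rsplit(":", 1)[-1])
        elif name == "virtualhost":
            port = re.search(r":(\d+)\s*>", line)
            if port:
                vhosts.append((no, port.group(1)))
        elif name == "sslprotocol":
            tokens = line.lower().split()[1:]
            if ("all" in tokens or "+sslv3" in tokens) and "-sslv3" not in tokens:
                findings.append((no, "SSLv3 left enabled"))
    # A vhost on a port Apache is not listening on never receives a connection.
    for no, port in vhosts:
        if port not in listen:
            findings.append((no, f"no Listen for VirtualHost port {port}"))
    findings += [(0, f"missing {n}") for n in REQUIRED if n not in seen]
    return sorted(findings)

# Constructed sample containing the kinds of slips this check looks for.
SAMPLE = """Listen 9443
<VirtualHost 192.0.2.10:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCertificateFile =\u201dC:/SSL/example.crt\u201d
SSLCertificateKeyFile "C:/SSL/domain.key"
</VirtualHost>
"""

if __name__ == "__main__":
    print(*lint_ssl_conf(SAMPLE), sep="\n")
```

Run Apache's own syntax check (httpd -t) as well; it rejects unknown directive names, which this script does not try to detect.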

 

5) Start Apache

6) Open the firewall for the SSL port

7) Update the domain DNS zone to point the subdomain to the firewall

  1. Log into GoDaddy account

  2. Domains > click Manage 

  1. Click the appropriate Domain

  2. DNS Zone File tab

  3. Add Record

    1. Record Type = A (Host)

    2. Host = the subdomain (e.g. for teardown.launchworks.com, just “teardown”)

    3. Points To = the externally facing IP address

    4. TTL = 1hr

  4. Click Finish

  5. Log into LaunchWorks router: 192.168.1.1

  6. NAT / QoS tab > Port Forwarding

  7. Add entry:

    1. Application - name of the app

    2. Port From - incoming port (from the external IP)

    3. Protocol = both

    4. IP Address = the internal server IP

    5. Port to - the internal server's port to route to