Enabling HTTPS on PRIMIS

Files

  • /var/opt/viscount/tomcat/conf/server.xml

  • /var/opt/viscount/etc/viscount.xml

Steps

  1. Generate the self-signed certificate

    keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/opt/viscount/etc/freedom.jks -storepass keystore_password -validity 3650 -keysize 2048

  2. Update the tomcat configuration:

    vim /var/opt/viscount/tomcat/conf/server.xml

  3. Find the Http11Protocol connector entry and uncomment it. Change the port from 8443 to 443 and add the keystore parameters (keystoreFile and keystorePass):

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
    This connector uses the BIO implementation that requires the JSSE
    style configuration. When using the APR/native implementation, the
    OpenSSL style configuration is required as described in the APR/native
    documentation -->

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="/var/opt/viscount/etc/freedom.jks" keystorePass="keystore_password"
    clientAuth="false" sslProtocol="TLS" />

  4. Restart tomcat

    systemctl restart tomcat

  5. Update the firewall to allow HTTPS traffic. Open the file:

    vim /var/opt/viscount/etc/viscount.xml

     and add the following line after the http line:

    <service name="https"/>

  6. Restart the firewall

    systemctl restart firewalld

  7. Connect to the PRIMIS UI using the URL:

    https://<ip address or hostname>:443
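
A check of the edited server.xml that can be run before restarting Tomcat, added here as an example and not part of the original page or of PRIMIS tooling: it reports when the HTTPS connector is still commented out, listens on an unexpected port, or still carries the placeholder keystore password from the steps above. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER_PASS = "keystore_password"  # placeholder value used in steps 1 and 3

def check_https_connector(server_xml, want_port="443"):
    """Return a list of findings for the TLS connector; an empty list means it passed."""
    root = ET.fromstring(server_xml)  # the parser discards XML comments
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no active Connector with SSLEnabled="true" (entry still commented out?)']
    conn = next((c for c in tls if c.get("port") == want_port), None)
    if conn is None:
        ports = ", ".join(c.get("port", "?") for c in tls)
        return [f"TLS connector listens on {ports}, expected {want_port}"]
    findings = []
    for attr, expected in (("scheme", "https"), ("secure", "true")):
        if conn.get(attr) != expected:
            findings.append(f'{attr} should be "{expected}", found {conn.get(attr)!r}')
    if not conn.get("keystoreFile"):
        findings.append("keystoreFile is missing")
    password = conn.get("keystorePass")
    if not password:
        findings.append("keystorePass is missing")
    elif password == PLACEHOLDER_PASS:
        findings.append("keystorePass is still the placeholder from the instructions")
    return findings

# Constructed samples (not taken from a real PRIMIS host).
COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <!-- <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" /> -->
</Service></Server>"""

CONFIGURED = """<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="/var/opt/viscount/etc/freedom.jks" keystorePass="keystore_password"
    clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

if __name__ == "__main__":
    for name, xml in (("commented", COMMENTED), ("configured", CONFIGURED)):
        print(name, check_https_connector(xml) or "OK")
```

To check a live host, pass the contents of /var/opt/viscount/tomcat/conf/server.xml to `check_https_connector`.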

 
