Configuring SSL for Helix Artifacts (Optional)
You must be an admin or super user to configure Helix Artifacts.
This section describes how to secure your Helix Artifacts communications over SSL using the HTTPS protocol. This involves creating a Java keystore with a valid SSL certificate.
To secure Helix Artifacts with HTTPS SSL access:
- Create a CSR and private key with the following command:
- Provide answers to the questions about your organization and the domain you are installing the Helix Artifacts service on.
- Send the CSR to your Certificate provider to create a valid certificate and Chained Authority.
- View an existing CSR with the following command:
- Add the certificate to a java keystore and bundle any chained authority. For example with the following:
- Certificate example.com.crt
- Chained authority CA.crt
- Private key server.key:
- Combine your machines certificate and private key to produce a PK12 formatted file:
- Create/Add the PK12 file to the Java keystore:
- Bundle the CA.crt:
- Migrate to PKCS12:
-
Copy the keystore to suitable location and check the file permissions, for example:
- Windows: c:\Program Files\Perforce
- Linux: /opt/perforce
- Make a note of the keystore location and password for use during the configuration of Helix Artifacts.
- Configure the Java Keystore Location, password, and switch to https, see Configuring the micro-services:
- Restart the Helix Artifacts service.
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
openssl req -text -noout -verify -in server.csr
openssl pkcs12 -export -in example.com.crt -inkey server.key -name example.com -out example.com.p12 Enter [password]
keytool -importkeystore -deststorepass [password] -destkeystore keystore.jks -srckeystore example.com.p12 -srcstoretype PKCS12 Enter [password]
keytool -import -alias bundle -trustcacerts -file CA.crt -keystore keystore.jks Enter [password]
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12 Enter [password]
Helix Artifacts is now configured for https.