What can we help you with?
Search
Sorry, you do not have permission to carry out this action.
Avolve Software - Powered by Kayako Help Desk Software
What can we help you with?
Search
knowledgebase : Installation > Brava Server
How to update Apache Tomcat SSL Certificate

SSL For Tomcat

Certificates

For IIS we use .pfx files and this must be supplied by the customer.

For Tomcat we require a p7b certificate and if it is not received from the customer, you can create own.

1. Launch IIS and select the server name, then Server Certificates.

2. Right-click on the certificate and select Export.

3. Export the .pfx file to the root of the drive where ProjectDox resides, choose a password and confirm the password. You will need this password during the Tomcat SSL process.

4. Launch the mmc.exe on the web server.

5. Choose File, Add/Remove Snap-in and choose Certificates.

6. Click the Add button in the middle of the screen.

7. Choose the third radio button, Computer account then click Next.

8. Continue with the default radio, Local computer (the computer this console is running on), then click Finish.

9. Expand Personal, select Certificate, right mouse click on the certificate.

10. Choose All Tasks, Export.

11. Click Next on the Welcome to the Certificate Export Wizard.

12. Click the radio for Cryptographic Message Syntax Standard for PKCS #7 Certificates (.P7B)

13. Place a checkmark for Include all certificates in the certification path if possible, click Next.

14. Use the Browse button and navigate to the root drive where ProjectDox is installed and save the file as a .p7b file.

15. You will be returned to the File name screen, click Next.

16. Once the process is complete, you will see the settings you specified, click Finish.

You now have a .pfx with a known password and a .p7b certificate to continue on to the next step.

Installation DOS Commands

Create the Keystore for Tomcat

Convert .pfx certificate file to JKS:

1. Launch a command prompt on the web server.

2. From Java folder (eg. C:\Program Files\Java\jre7\bin) run the following command:

Sample: keytool -importkeystore -srckeystore e:\certificate.pfx -srcstoretype pkcs12 -destkeystore destcert.jks -deststoretype JKS -storepass <yourpassword>

Actual: keytool -importkeystore -srckeystore e:\incoming\lorassl\avolvecloudsslcom.pfx -srcstoretype pkcs12 -destkeystore pdtomcert.jks -deststoretype JKS -storepass MyPassword

3. The result will give you the keyAlias value.

Entry for alias le-c5a08b67-625c-4184-8769-59eca73b6b55 successfully imported.

Import command completed:  1 entries successfully imported, 0 entries failed or

cancelled

NOTE:  In the above command, we did not provide a path for the –destkeystore parameter therefore, the JKS file is created in Java bin folder.

4. Copy the C:\Program Files\IGC\Tomcat 8 For Brava\conf\your_p7b_file.p7b into C:\Program Files\Java\jre7\bin.

5. Import certificate into JKS file (which is the keystore) using this command:

Sample: keytool -import -trustcacerts -alias alias_from_jks_file -file your_p7b_file.p7b -keystore destcert.jks -storepass <yourpassword>

Actual: keytool -import -trustcacerts -alias le-c5a08b67-625c-4184-8769-59eca73b6b55 -file ssl_certificate.p7b -keystore pdtomcert.jks -storepass <yourpassword>

Edit Apache Tomcat server.xml

1. Copy destination JKS file to C:\Program Files\IGC\Tomcat 8 For Brava\conf folder.

2. Before changes are made to the server.xml file, save the original file as server.xmlOrig.

NOTE:  If for any reason you need to revert to non SSL, activating the original file will make it very easy.

3. Edit C:\Program Files\IGC\Tomcat 8 For Brava\conf\server.xml You can skip a-d if you copy the server.xml file from \ProjectDox\Integration\BravaPlugin\JP folder and edit the following 2 values, this example is configured for SSL.

keystorePass="<<KEYSTOREPASSWORD>>"
keyAlias="<<KEYALIAS>>"

4. Uncomment the following section:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

5. Update Tomcat to use newer TLS protocols by replacing sslProtocol=”TLS” with sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"

6. Add new keys to that section:

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"

keystoreFile="${catalina.base}/conf/pdtomcert.jks"               

keystorePass=”XXXXXXXXXX”

keyAlias=”XXXXXXXXXXXXXXXXXXXX”

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,

                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,

                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

                    TLS_ECDHE_RSA_WITH_RC4_128_SHA,

                    TLS_RSA_WITH_AES_128_CBC_SHA256,

                    TLS_RSA_WITH_AES_128_CBC_SHA,

                    TLS_RSA_WITH_AES_256_CBC_SHA256,

                    TLS_RSA_WITH_AES_256_CBC_SHA,

                    SSL_RSA_WITH_RC4_128_SHA"

 />

7. Save the server.xml file.

Apache Tomcat Logging

To turn off the logs in Tomcat that create excessive large files named localhost_access_log, comment out the following line:

<Valve className=”org.apache.catalina.valves.AccessLogValve”   directory=”logs” prefix=”localhost_access_log.” Suffix=”.txt” pattern=”%h %l %u %t &quot;%r&quot; %s %b” />

Restart Apache Tomcat

1. Stop the Apache Tomcat Service on the web server.

2. Start the Apache Tomcat Service on the web server.

3. Test viewing file from within ProjectDox application.

ProjectDox Viewer Technologies

 

 

 

ProjectDox Viewer Technologies

ProjectDox Viewer is available in ActiveX for PDOX 6.x, 7.x, 8.x.  ProjectDox Flash Viewer is available for PDOX 8.1.x.   ProjectDox HTML5 Viewer is available for PDOX 8.2.x and PDOX 8.3.x. The ActiveX client offers the highest level of functionality and performance and works best on Windows with IE.

Features

ActiveX

Flash

HTML

View

x

1

1

Supports Video

  

x

  

Find

x

x

x

Annotate

x

x

x

Publishing

x

x

x

Redaction

x

  

4

Compare

x

  

3

Measure

x

    

Takeoff

x

    

Print

x

2

2

1: Limited CAD viewing support
2: Printing supported, but performance and features less than ActiveX/Java versions
3: Text compare report only
4: Redaction not supported on iPad

Platform

ActiveX

Flash

HTML

PC

x

x

x

MAC

  

x

x

Browsers

1

x

x

Tablet

    

iPad

Note 1: ActiveX client will work on most browsers, but performs best in IE.

 

Revised 02-18-2015

Upgrading Apache Tomcat

Upgrade Apache Tomcat


1.     Backup Tomcat folder if it exists ensuring that you backup at a minimum the following items

  • BravaServer in webapps
  • All configuration *.config files in conf folder
  • JKS and SSL certificate file in conf folder

2.     Uninstall previous Java Runtime Environment

3.     Uninstall previous Tomcat server

4.     Download the Java Installer and the appropriate Apache Tomcat installers

5.     Restart web server

6.     Install the JavaSetup8u221 executable with all the defaults

7.     Install the Apache Tomcat 9.0.31 executable

8.     During installation provide pd_usr login and password which saves the values in the tomcat-users.xml file with manager-gui role. (NOTE: The password will not be encrypted)

9.     On finish do not start the Apache Tomcat Service when asked by the installer

10.  Copy BravaServer to the webapps folder and configuration files along with JKS and SSL certificate to conf folder (eg. E:\Program Files (x86)\Apache Software FoundationOld\webapps\BravaServer)

11.  Configure Apache Tomcat service to run under pd_usr, set to Automatic start, and set it to Restart on any failures for 1st, 2nd, and subsequent failures

12.  Start the service

13.  Verify HTML5 publishing and viewing are successful by uploading a new file and using a non-Internet Explorer browser, try to view the uploaded file

 

Apache Tomcat Max Memory Pool Update

To access the dialog in the screenshot below, double click on Tomcat8w.exe in the \Program Files\IGC\Brava\bin folder

  • Double click the Tomcat8 executable with the “w.exe” which will open the Tomcat Properties dialog
  • Tomcat8w is a GUI application for monitoring and configuring Tomcat services
  • Click on the Java tab and update the Maximum memory pool to 1024
  • Restart the Apache Tomcat service

Java Heap Update

When Brava! is used in a production environment with Apache Tomcat as the servlet engine, it is recommended that the Apache Tomcat JVM Heap Size setting be increased from the default (128MB min - 256MB max) to 1GB max to prevent the Brava! Server from becoming unresponsive.

  1. Go to the Control Panel and launch the Java Console
  2. Choose the Java tab, click View
  3. Choose the System tab and click into the Runtime Parameters
  4. Set the Apache Tomcat JVM Heap Size for production at 1GB, by typing -Xms1024m
  5. Click OK and navigate out of the Control Panel

 

 

Post Install Tasks


1.  Services:  Ensure that all ProjectDox Services are restarted

  1. Check that each ProjectDox Service is configured to login with the appropriate account for each
  2. Set Failures to Retry for 1st, 2nd and 3rd Retries
  3. Change the Startup type to Automatic and then restart the services
  4. Check Debug.txt file for any errors and correct

2.  Apache Tomcat Log Files:  The log files for the Apache Tomcat web server will continuously accumulate on the web server until they eventually will consume the entire storage space on the partition where Apache is installed.  To prevent this from happening, you can comment out the following line in the server.xml file for your Tomcat installation.

 

<Valve className=”org.apache.catalina.valves.AccessLogValve”  directory=”logs” prefix=”localhost_access_log.” Suffix=”.txt” pattern=”%h %l %u %t &quot;%r&quot; %s %b” />