How-To Configure an On-Premises Contrast Server for HTTPS using a Self-Signed Certificate

  • Updated


The Contrast Documentation here details the process for configuring an On-Premises instance of the Contrast Server to use HTTPS with a CA-Signed certificate.  For demonstration purposes or perhaps for an air-gapped installation of the server where HTTPS is mandated it may be desirable to set up the server with a self-signed certificate for expediency.


The following example command uses the Java Keytool utility to create a Java Keystore named contrast-server.jks containing a private and public key pair and an associated self-signed certificate which is stored as a single-element certificate chain that is valid for 365 days with an alias of contrast-server:

keytool -genkeypair -keyalg RSA -alias contrast-server -keystore contrast-server.jks -validity 365 -keysize 2048

The Keytool command can be found in <YourPath>/jre/bin, where <YourPath> is the path where Contrast is installed, and note that any desired filename and alias can be specified, as well as other options as desired.

Respond to the prompts that follow - ensuring you remember the specified password.  The value provided for "first and last name" will denote the CN or Common Name that the certificate will be created for and should conventionally match the hostname of the system on which the Contrast Server is installed.  

Move or copy the jks file to any accessible location (for example <YourPath>/data/conf) and edit the <YourPath>/data/conf/ file to set the following values appropriately:

https.port=<desired port - e.g. 8443>
https.keystore.file=<location and name of the jks file>
https.keystore.pass=<specified password>
https.keystore.alias=<specified alias>



Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request