Objective
The Contrast Documentation here details the process for configuring an On-Premises instance of the Contrast Server to use HTTPS with a CA-Signed certificate. For demonstration purposes or perhaps for an air-gapped installation of the server where HTTPS is mandated it may be desirable to set up the server with a self-signed certificate for expediency.
Process
The following example command uses the Java Keytool utility to create a Java Keystore named contrast-server.jks
containing a private and public key pair and an associated self-signed certificate which is stored as a single-element certificate chain that is valid for 365 days with an alias of contrast-server
:
keytool -genkeypair -keyalg RSA -alias contrast-server -keystore contrast-server.jks -validity 365 -keysize 2048
The Keytool command can be found in <YourPath>/jre/bin
, where <YourPath>
is the path where Contrast is installed, and note that any desired filename and alias can be specified, as well as other options as desired.
Respond to the prompts that follow - ensuring you remember the specified password. The value provided for "first and last name" will denote the CN or Common Name that the certificate will be created for and should conventionally match the hostname of the system on which the Contrast Server is installed.
Move or copy the jks
file to any accessible location (for example <YourPath>/data/conf
) and edit the <YourPath>/data/conf/server.properties
file to set the following values appropriately:
https.enabled=true https.port=<desired port - e.g. 8443> https.keystore.file=<location and name of the jks file> https.keystore.pass=<specified password> https.keystore.alias=<specified alias>