Self-Signed Certificate

Orson TDO Install Guide

HTTPS Setup

TDO can be accessed via either http or https. For https access, TDO can utilize either port 8443 or 443; you should determine which port should be used in your organization.

For http access, no certificate is required. For https access, you either need a self-signed certificate or a certficate generated by your organization.

Self-signed HTTPS certificate

The following instructions apply to both Windows and Linux installations.

If your organization will provide a certificate, you do not need to follow these steps.

To generate the certificate, use the keytool distributed with JDK. This is done at the command line in Linux and in a command / shell window in Windows. Ensure that you are in the directory where JDK is installed before running the following command:

$ keytool -genkey -keyalg RSA -alias <selfsigned> -keystore keystore.jks -storepass orsonkeystore -validity 360 -keysize 2048

Enter your key password in place of <selfsigned> in the command above.

(RETURN if same as keystore password):

For this question use IP (hostname) of server:

[Unknown]: 72.112.132.121

Place generated keystore.jks file in appdir/api on the Orson TDO server.

Signed Certificate

This is a certificate created within your organization and will be provided as a *.crt file. In order to use this with TDO, it must be converted to a keystore (*.jks) file.

Use the following commands to generate a JKS keystore from crt and key pair (if you have more than one one crt files, merge them to single certificate.crt). These commands will convert a *.crt file named 'certificate.crt' into a JKS file named 'keystore.jks'. You should modify the first command as needed to meet your input file name.

1) Export certificate to PKCS12 format:

openssl pkcs12 -export -in certificate.crt -inkey certificate.key -out certificate.p12

2) keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS -deststorepass orsonkeystore

Once your keystore.jks file has been generated, it should be placed in the TDO/api folder on the TDO server.

Next, modify the TDO\api\conf\common\server.json file on the TDO server. Open this file in a text editor and change port to 8443 or 443 and https to true. Save the file and exit.

Navigate to TDO\engine\conf\common on the TDO server and open the filestreams.json file in a text editor. Change the port to 8443 or 443 and https to true. Save the file and exit.

Once the keystore file is in the right place and these configuration file changes have been made, TDO is ready for https operation. Stop and restart the application in order for these changes to take effect.