-
Notifications
You must be signed in to change notification settings - Fork 3
Advanced Setup Options
Luca Rossetto edited this page May 15, 2021
·
2 revisions
This page documents optional setup procedures for additional functionality.
DRES natively supports communication via HTTPS. Enabling secure connections can be required in order for modern browsers to use Cross-Origin Resource Sharing. To enable HTTPS, DRES requires a Java KeyStore with the certificates to be used, which has to be specified via the configuration file. The following shows an example on how to generate such a KeyStore file using a certificate from Let's Encrypt obtained using certbot. The following example assumes that the user has root privileges.
certbot certonly --standalone --preferred-challenges http -d <domain>
cat /etc/letsencrypt/live/<domain>/*.pem > fullchain.pem
openssl pkcs12 -export -out fullchain.pkcs12 -in fullchain.pem
keytool -genkey -keyalg RSA -alias sfdcsec -keystore keystore.jks
keytool -delete -alias sfdcsec -keystore keystore.jks
keytool -v -importkeystore -srckeystore fullchain.pkcs12 -destkeystore keystore.jks -deststoretype JKS