Configuring Cloudpaging SSL Certificates
Prerequisites
Customers must request and provide a valid SSL certificate as detailed on Importing custom SSL certificates for AppsAnywhere. Once the certificate and key have been provided they must be converted to .pfx format before they can then be applied to Cloudpaging.
Please refer to https://software2.atlassian.net/wiki/spaces/CS/pages/928842558 for the conversion steps.
Updating Cloudpaging Certificates
The cloudpaging.pfx should be copied and saved as a backup, then the file can be replaced with the new .PFX and the Cloudpaging service restarted.
If Cloudpaging is not using a Cloudpaging.pfx file, then it should be updated to use one following the above procedure.
Providing the customer uses health check load balancing there will be no outage. Otherwise, the customer should be notified that the service will be offline whilst the master (live) server is updated (approx 5 minutes).
To prevent an outage in the absence of health check load balancing, the secondary server should be updated first and verified. Once complete it should be switched in the load balancer to become the master (live) server. If manual switch over is required, it should be scheduled with the customer so the load balancer can be updated.
If there is only one server the service will be:
At risk from the start of the change for approx. 15 minutes
Offline for approx. 5 minutes whilst the service restarts
Rollback procedure
Windows
Revert
C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml
Restart Cloudpaging server
Linux
Revert
/usr/local/ApplicationJukebox/core/conf/server.xml
Restart Cloudpaging server
Procedure to apply the SSL certificate
Windows
Connect to one Cloudpaging Admin Server
Rename the <certificate>.pfx file to cloudpaging.pfx
Copy Cloudpaging.pfx to the first Cloudpaging server and place it in
C:\Program Files (x86)\Numecent\Application Jukebox Server
Backup
C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml
Open Notepad with Administrative privileges and open the original server.xml
Edit the keystoreFile="..." tag (see below), replacing the custom.keystore filename with cloudpaging.pfx
Immediately after that entry add
keystorePass="ThePassword" keystoreType="PKCS12"
(with the correct password)Save server.xml
Restart the Cloudpaging service https://software2.atlassian.net/wiki/spaces/CS/pages/3044769919
Ensure the certificate is applied and Cloudpaging is functional
Copy
C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml
to the next Cloudpaging serverRestart the Cloudpaging service
Ensure the certificate is applied and Cloudpaging is functional locally
Repeat steps 10-12 for the remaining Cloudpaging servers
Example line from server.xml
<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="C:\Program Files (x86)\Numecent\Application Jukebox Server\cloudpaging.pfx" keystorePass="password" keystoreType="PKCS12" maxHttpHeaderSize="32768" maxThreads="300" minSpareThreads="25" URIEncoding="UTF-8" port="443" SSLProtocol="TLSv1.2" SSLEnabled="true" scheme="https" secure="true"/>
Linux
SSH into the server through WinSCP with credentials from 1password
Rename the new <certificate>.pfx file to cloudpaging.pfx
Copy Cloudpaging.pfx to the first Cloudpaging server and place it in
CODE/usr/local/ApplicationJukebox/core/
Backup server.xml
CODE/usr/local/ApplicationJukebox/core/conf/server.xml
Open Notepad with Administrative privileges and open the original server.xml
Edit the keystoreFile="..." tag (see below), replacing the custom.keystore filename with cloudpaging.pfx
Immediately after that entry add
keystorePass="ThePassword" keystoreType="PKCS12"
(with the correct password)Save server.xml
Restart the Cloudpaging service https://software2.atlassian.net/wiki/spaces/CS/pages/3044769919
Ensure the certificate is applied and Cloudpaging is functional
Copy
/usr/local/ApplicationJukebox/core/conf/server.xml
to the next Cloudpaging serverRestart the Cloudpaging service
Ensure the certificate is applied and Cloudpaging is functional locally
Repeat steps 10-12 for the remaining Cloudpaging servers
Example line from server.xml
<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="/usr/local/ApplicationJukebox/core/cloudpaging.pfx" keystorePass="password" keystoreType="PKCS12" maxHttpHeaderSize="32768" maxThreads="300" minSpareThreads="25" URIEncoding="UTF-8" port="443" SSLProtocol="TLSv1.2" SSLEnabled="true" scheme="https" secure="true"/>