Breadcrumbs

Configuring Cloudpaging SSL Certificates

Prerequisites

Customers must request and provide valid SSL Certificates.

Applying the SSL certificate

Windows

  1. Connect to one Cloudpaging Admin Server

  2. Rename the <certificate>.pfx file to cloudpaging.pfx

  3. Copy Cloudpaging.pfx to the first Cloudpaging server and place it in C:\Program Files (x86)\Numecent\Application Jukebox Server

  4. Backup C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml (copy and rename the file)

  5. Open Notepad with Administrative privileges and open the original server.xml

  6. Edit the keystoreFile="..." tag (see below), replacing the custom.keystore filename with cloudpaging.pfx

  7. Immediately after that entry add keystorePass="ThePassword" keystoreType="PKCS12" (with the correct password)

  8. Save server.xml

  9. Restart the Cloudpaging service

  10. Ensure the certificate is applied and Cloudpaging is functional via https://<server_fqdn>/jukeboxserver

  11. Copy C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml to the next Cloudpaging server

  12. Restart the Cloudpaging service

  13. Ensure the certificate is applied and Cloudpaging is functional via https://<server_fqdn>/jukeboxserver

  14. Repeat steps 10-12 for the remaining Cloudpaging servers

Example Windows server.xml

<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="C:\Program Files (x86)\Numecent\Application Jukebox Server\cloudpaging.pfx" keystorePass="password" keystoreType="PKCS12" maxHttpHeaderSize="32768" maxThreads="300" minSpareThreads="25" URIEncoding="UTF-8" port="443" SSLProtocol="TLSv1.2" SSLEnabled="true" scheme="https" secure="true"/>

Linux

  1. SSH into the server through WinSCP with credentials from 1password

  2. Rename the new <certificate>.pfx file to cloudpaging.pfx

  3. Copy Cloudpaging.pfx to the first Cloudpaging server and place it in /usr/local/ApplicationJukebox/core/

  4. Backup /usr/local/ApplicationJukebox/core/conf/server.xml

  5. Open Notepad with Administrative privileges and open the original server.xml

  6. Edit the keystoreFile="..." tag (see below), replacing the custom.keystore filename with cloudpaging.pfx

  7. Immediately after that entry add keystorePass="ThePassword" keystoreType="PKCS12" (with the correct password)

  8. Save server.xml

  9. Restart the Cloudpaging service

  10. Ensure the certificate is applied and Cloudpaging is functional via https://<server_fqdn>/jukeboxserver

  11. Copy /usr/local/ApplicationJukebox/core/conf/server.xml to the next Cloudpaging server

  12. Restart the Cloudpaging service

  13. Ensure the certificate is applied and Cloudpaging is functional via https://<server_fqdn>/jukeboxserver

  14. Repeat steps 10-12 for the remaining Cloudpaging servers

Example Linux Server.xml

<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="/usr/local/ApplicationJukebox/core/cloudpaging.pfx" keystorePass="password" keystoreType="PKCS12" maxHttpHeaderSize="32768" maxThreads="300" minSpareThreads="25" URIEncoding="UTF-8" port="443" SSLProtocol="TLSv1.2" SSLEnabled="true" scheme="https" secure="true"/>

Rollback procedure

Windows

  1. Revert C:\Program Files (x86)\Numecent\Application Jukebox Server\core\conf\server.xml

  2. Restart Cloudpaging server

Linux

  1. Revert /usr/local/ApplicationJukebox/core/conf/server.xml

  2. Restart Cloudpaging server

Updating the certificate

If Cloudpaging is not using a Cloudpaging.pfx file, then it should be updated to use one.

Providing the customer uses health check load balancing there will be no outage.

Otherwise, the service will be offline whilst the master (live) server is updated (approx. 5 minutes).

To prevent an outage in the absence of health check load balancing, the secondary server should be updated first and verified. Once complete it should be switched in the load balancer to become the master (live) server. If manual switch over is required, it should be scheduled so the load balancer can be updated.

If there is only one server, the service will be:

  • At risk from the start of the change for approx. 15 minutes

  • Offline for approx. 5 minutes whilst the service restarts

Update Procedure

  1. Copy cloudpaging.pfx to cloudpaging.bak

  2. Overwrite cloudpaging.pfx

  3. Restart the service

  4. Check the Portal loads (https://localhost/jukeboxserver)

  5. Repeat steps 2-4 on the other servers

Rollback Procedure

  1. Copy cloudpaging.bak to cloudpaging.pfx

  2. Restart the service

  3. Check the Portal loads (https://localhost/jukeboxserver)