  • How to secure OpenSpecimen with 3rd party (DigiCert) SSL certificate

    Please assist with guidance on securing OpenSpecimen with an SSL certificate. I have spent several days trying various methods in /tomcat/conf/server.xml to secure OpenSpecimen with an SSL certificate, to no avail.
    Here are examples of what I have tried already with different variations.
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxHttpHeaderSize="8192" SSLEnabled="true"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true" acceptCount="100"
               scheme="https" secure="true"
               keystoreFile="/opt/tomcat/ssl/ahri.org.jks" keystorePass="xxxxxxxxxxx"
               clientAuth="false" sslProtocol="TLS" />


    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig>
        <Certificate certificateKeyFile="conf/wildcard_ahri_org.key"
                     certificateFile="conf/star_ahri_org.pem"
                     certificateChainFile="conf/DigiCertCA.pem" />
      </SSLHostConfig>
    </Connector>

    All certs have been uploaded to the keystore, and I have tried various cert formats: p7b, pkcs12, pem, crt, etc. None seem to work, and in some instances it breaks Tomcat and access to OpenSpecimen is denied.

    I was also wondering if it would be easier to rather use Apache to secure the OpenSpecimen site, as I'm more familiar with secure Apache configs than Tomcat.

    Hello @Brendan_Gilbert,

    The connector settings done in the server.xml file look fine.

    Could you please share the error you are facing? The log file can be found at $Tomcat_home/logs/catalina.out.

    Yes. It would be easier to use Apache as a front end to secure OpenSpecimen. Let us know if you need any help with configuring Apache.

    Nilesh S.
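An Apache front end of the kind suggested in the reply above, as an added example that is not part of the original posts or of OpenSpecimen's documentation. The server name, the /etc/ssl paths, the combined chain file name, the loopback Tomcat connector on port 8080 and the /openspecimen context path are assumptions; only the certificate and key file names are taken from the question.

```apache
# Added example: Apache httpd 2.4 terminating TLS in front of Tomcat.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.
# Hypothetical values: openspecimen.example.org, /etc/ssl/..., port 8080,
# and the /openspecimen context path.

<VirtualHost *:80>
    ServerName openspecimen.example.org
    # Send all plain-HTTP traffic to the TLS virtual host
    Redirect permanent / https://openspecimen.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName openspecimen.example.org

    SSLEngine on
    # Allow only TLS 1.2 and newer
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Combined file (constructed name): the leaf certificate first, then the
    # DigiCert intermediate, e.g. star_ahri_org.pem followed by DigiCertCA.pem
    SSLCertificateFile    /etc/ssl/certs/star_ahri_org_fullchain.pem
    # Private key in PEM form, readable by root only
    SSLCertificateKeyFile /etc/ssl/private/wildcard_ahri_org.key

    # Reverse proxy only; never act as a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On
    # Tell the application the original request arrived over HTTPS
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        /openspecimen http://127.0.0.1:8080/openspecimen
    ProxyPassReverse /openspecimen http://127.0.0.1:8080/openspecimen
</VirtualHost>

# Matching Tomcat side (server.xml): remove the 8443 TLS connectors and keep
# one plain HTTP connector bound to loopback, marked as sitting behind HTTPS
# so that redirects and secure cookies are generated correctly:
#   <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
#              proxyName="openspecimen.example.org" proxyPort="443"
#              scheme="https" secure="true" />
```

Running `apachectl configtest` before reloading catches syntax errors and unreadable certificate paths without taking the site down.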

    Hi @Nilesh_Salunke - Please find the zipped log file for the 6th Jan 2023
    catalina.2023-01-06.zip (1.1 MB)

    @Nilesh_Salunke just a quick follow-up: have you picked up anything from the logs?
    I have installed Apache and reverse proxied to Tomcat, although I am hoping to get SSL to work natively in Tomcat.

    Hello @Brendan_Gilbert,

    This seems to be an error with the SSL settings in the server.xml file of Tomcat. To resolve the SSL-related errors in Tomcat, you will have to visit their respective forums.

    OpenSpecimen has no role in this.

    Nilesh S.