Please assist with guidance on securing Openspecimen with SSL certificate. I have spent several days trying various methods in /tomcat/conf/server.xml to secure Openspecimen with SSL certificate to no avail.
Here are examples of what I have tried already with different variations.
e.g.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" keystoreFile="/opt/tomcat/ssl/ahri.org.jks" keystorePass="xxxxxxxxxxx" clientAuth="false" sslProtocol="TLS" />
and
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/wildcard_ahri_org.key" certificateFile="conf/star_ahri_org.pem" certificateChainFile="conf/DigiCertCA.pem" /> </SSLHostConfig> </Connector>
All certs have been uploaded to keystore and have tried various cert formats p7b, pkcs12, pem, crt, etc. None seem to work and in some instances breaks tomcat and access to openspecimen is denied.
I was also wondering if it would be easier to use apache to rather secure openspecimen site as im more familiar with secure apache configs than tomat.