On this Page:

DocuPhase Forms and Connectors should always be run over https, as this is a secure channel. In order to do so, customers installing these applications must generate an SSL Certificate and configure the DocuPhase application to work with that certificate.

Prerequisites

In order to generate an SSL certificate, you will need one of the following:

1. A domain (recommended). This is often your company domain with a subdomain to represent the forms server, e.g. forms.mycompany.com.

   1. After selecting a domain, you must log in to the management panel for your domain provider and set the DNS records so that the domain points to the current public IP of your forms server.

2. A public IP address

Generate a Certificate

Next, choose a Certificate Authority. You may already work with a CA for your organizations other servers. Some common CA’s are GoDaddy, DigiCert, and Let’s Encrypt but there are many and no particular one is required or recommended by DocuPhase.

1. Follow your CA’s documentation to generate a certificate. They will usually require you to generate a provide a .csr (certificate request). Here are some tips for doing so:

2. Create a keystore

   1. Run a command prompt as administrator.

   2. Use the *cd* command to go to the folder containing the keystore application. Usually, this will in the OpenJDK installation directory, e.g.

      C:\Program Files\AdoptOpenJDK\jdk-13.0.0.33-hotspot\bin\keytool.exe

   3. Enter the following command (put everything on a single line, change folders if needed). Replace <path> with the path to the directory where you’d like to store your keys. For example, C:\Users\Nancy\ssl

      keytool -genkey -keyalg RSA -keysize 2048 -keystore <path>\forms.mycompany.com.keystore

   4. You will be asked to enter some values. Please record the keystore and key password(s) that you generate, as you will need this to configure your forms/connector application later. You’ll be prompted to confirm the values you entered - do so by typing “y” and enter.

   5. You should now have a new keystore ready with an unsigned certificate, located at the path you specified above.

   6. Next, you’ll generate a certificate signature request (.csr) to request the CA sign your certificate. On the command line, please enter the following command:

      keytool -certreq -keyalg RSA -file <path>\forms.mycompany.com.csr -keystore <path>\forms.mycompany.com.keystore

      1. You will be prompted to enter the master password for the keystore, which you created above.

      2. Now you have a new file in your directory named forms.mycompany.com.csr.

      3. Follow your CA’s process for providing the .csr. After the CA is done with processing your request, you should receive a set of signed (verified) certificates, which can now be added back to the keystore. Place them in a subdirectory of the directory your .csr and keystore are in, named ‘signed’ for clarity.

Add Signed Certificates to your Keystore

You now have to add each certificate that you have received from your CA back to the keystore. Most likely you have received three files: the CA’s certificate, an intermediate certificate and the one which applies to your domain (IP). Please use keytool.exe again to add them using the commands below. Please keep in mind, that for this tutorial our CA has supplied us with three files (AddTrustExternalCARoot.crt, PositiveSSLCA2.crt and forms_mycompany_com.crt), and we have stored them in a subdirectory of our original directory named ‘signed’.

This can also be accomplished similarly using openSSL. Example:

Configure your DocuPhase Forms/Connector application

1. First, stop the application (or service).

2. Locate the file where you will configure these settings, and open it in a text editor.

   1. Forms or multiple connectors installed in the Forms application: <frevvo home>/tomcat/conf/server.xml

      1. Locate the https port configurations. It defaults to 8443.

      2. Set the port you wish to use

      3. Add values in these properties. See the Installation Tasks: Tomcat SSL documentation.
         The values should be:
         keystoreFile= the path to your certificate
         keystorePass= the password to your certificate
         keystoreTyp= the certificate file type
         
         

   2. Standalone Database Connector <db home>/config/dbconnector.properties

      1. Add the following properties to the file

      2. Set the port you wish to use

      3. Add values to the following properties. See the Standalone DBC SSL documentation.

3. Save the file

4. Restart the application (or service).

Troubleshooting

Let’s say you installed your certifcate, but there is still a problem connecting over https. Here are some common errors you can check:

1. In the browser where you see the error, click the lock icon in the address bar. Click Connection is Secure/Not Secure, then Certificate the view the certificate details the browser has found. Check that the domain matches and the expiration date is in the future.

2. The domain used is not an FQDN and/or has not populated through DNS.

3. Check the certificate file itself using this command.
   
   

4. Use one of the SSL checker tools listed in Additional Resources, or one provided by your CA.

Additional Resources

This page is intended as a general guide; the customer is responsible for generating, updating and maintaining their own certificates according to their own procedures. Here are few articles and resources we have found helpful for others. DocuPhase does not specifically recommend nor have a partnership with any of the following resources provided.

• Article: Importing GoDaddy SSL Certificate into Tomcat

• Tool: NameCheap CSR Generator

• Article: Sectigo Converting SSL Certificate in Apache

• Article: Comodo Certificate Installation

• Article: The SSL Store Tomcat SSL Installation

• Tool: DigiCert SSL Checker

• Tool: The SSL Store SSL Checker