Jun 04

A description of how to set up SSL with AwareIM, from GregK, Kaplan Design.

Although this describes the steps required on Windows it should basically work on Linux and Mac too.

First you need to create a local keystore file. It contains your private key, and you later add your registered certificate to it. Fortunately, AwareIM comes with a Java environment.


C:\AwareIM\JDK\bin>keytool -genkey -alias tomcat -keyalg RSA

changeit is the standard keystore password expected by Tomcat, and unless you want to tell Tomcat explicitly that the password is different, I would stick with this one. The command creates the file .keystore in your home directory; in my case it was C:\Documents and Settings\Administrator.

Next you need to adjust the Tomcat settings. Open the file server.xml in the AwareIM\Tomcat\conf directory and remove the comment tags around the SSL connector element:

<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Needless to say, AwareIM should not be running while you do this. That is all you need to use a secure connection on https://www.yourserver.com:8443/AwareIM/. You do not have to get a certificate signed by a recognised CA if your site is not for external customers, who may be scared away by the security message the browser displays when a certificate is not signed by a recognised CA.

If you do need a signed certificate, you have to create a certificate request. Use your private key in the .keystore file to create the request by running this line:


C:\AwareIM\JDK\bin>keytool -certreq -alias tomcat -file certreq.csr

You have to enter certain information such as names and contacts in your organisation. For most CAs you need to enter your site URL as the name. Check your CA's instructions for details.

Some CAs send only one certificate, which makes the process slightly easier, while many send you the web certificate and require you to download a root or chain certificate. You need to load both certificates into the same .keystore file that you used to create the certificate request. Be aware that some CAs send certificates as text, and you need to convert them to binary form with OpenSSL; check openssl.org and find a link to an installation package.

You have to load a root (chain) certificate to the keystore first:


C:\Documents and Settings\Administrator>C:\AwareIM\JDK\bin\keytool -import -alias yourCA -keystore .keystore -file path-to-your-certificate\certificate

Then import the web certificate:


C:\Documents and Settings\Administrator> C:\AwareIM\JDK\bin\keytool -import -alias tomcat -keystore .keystore -trustcacerts -file path-to-your-certificate\certificate

Restart AwareIM and it should work on https://www.yourserver.com:8443/AwareIM/
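
To check the result of the steps above, the following commands convert a text (PEM) certificate to binary form, inspect it before import, and confirm afterwards that the signed certificate replaced the self-signed one. This is an added example, not part of GregK's description; the file names ca-chain.pem and www_yourserver_com.pem and the presence of openssl on the PATH are assumptions.

```bat
rem Added example. Assumptions: openssl.exe is on the PATH, and ca-chain.pem /
rem www_yourserver_com.pem are hypothetical names for the files your CA sent.
cd /d "C:\Documents and Settings\Administrator"

rem 1. Convert text (PEM) certificates to binary (DER).
rem    openssl x509 reads only the FIRST certificate in a file, so a bundle
rem    holding several CA certificates must be split into one file each.
openssl x509 -inform PEM -in ca-chain.pem -outform DER -out ca-chain.der
openssl x509 -inform PEM -in www_yourserver_com.pem -outform DER -out www_yourserver_com.der

rem 2. Before importing, inspect what the CA actually sent: the Owner must
rem    match your site name, the Issuer must be the CA, and the validity
rem    dates must cover today.
C:\AwareIM\JDK\bin\keytool -printcert -file ca-chain.der
C:\AwareIM\JDK\bin\keytool -printcert -file www_yourserver_com.der

rem 3. After both imports, inspect the tomcat alias. A successful import of
rem    the CA reply leaves a key entry (PrivateKeyEntry on current JDKs) whose
rem    "Certificate chain length" is greater than 1 and whose first
rem    certificate names the CA as Issuer. A chain length of 1 with
rem    Owner equal to Issuer means Tomcat will still serve the self-signed
rem    certificate.
C:\AwareIM\JDK\bin\keytool -list -v -alias tomcat -keystore .keystore

rem 4. The CA certificate imported under the yourCA alias should appear as a
rem    trusted certificate entry, separate from the tomcat key entry.
C:\AwareIM\JDK\bin\keytool -list -keystore .keystore

rem 5. After restarting AwareIM, look at the chain the server presents.
rem    Input is redirected from NUL so s_client exits after the handshake.
openssl s_client -connect www.yourserver.com:8443 -servername www.yourserver.com -showcerts < NUL
```

If the web certificate is imported under any alias other than the one used for -genkey and -certreq (tomcat here), keytool stores it as a plain trusted certificate instead of attaching it to the private key, and step 3 will still show the self-signed certificate.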
