Use custom SSL certificate for https

This document describes how to configure PhenixID Server to use a custom SSL certificate for https.

NOTE: Make sure to have a backup of the configuration file phenix-store.json before making any changes.

System requirements

  • The SSL certificate to be used, stored as a keystore file (.p12), and the keystore password.

Upload the certificate to the server

Follow this guide to upload the certificate as a PhenixID keystore.

Create new http connection

In the Configuration GUI, go to Connections/HTTP.
Create a new connection, set the name and port, and enable SSL/TLS.
Set "SSL Keystore" to the certificate uploaded in the previous step.
Copy the id of the new connection; it will be used in the next step.

Protect Configuration Manager with the uploaded certificate

We can now configure this new connection for use with Configuration Manager.
This is done in boot.json, so make sure to have a backup/copy of this file before making the changes.

  • If present, remove all "ssl" parameters, e.g. "ssl":"true"
  • If present, remove all "port" parameters, e.g. "port":"8443"
  • Add the previously configured http configuration to phenixidentity~phenix-prism by setting "httpConfig":"<ID_OF_HTTPConnection>"

Configuration should now look like this:

When done, save the file and restart the service.
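The three edits above can be checked before the restart. The script below is an added example, not PhenixID's own tooling: it finds the JSON object naming phenixidentity~phenix-prism, reports leftover "ssl"/"port" keys beneath it, and confirms "httpConfig" is set to something other than the placeholder. The sample documents and their "modules"/"name"/"config" layout are constructed assumptions; the real boot.json may be laid out differently.

```python
import json

PRISM = "phenixidentity~phenix-prism"   # module name as written on this page
FORBIDDEN = ("ssl", "port")             # parameters the steps say to remove

# Constructed samples; the surrounding layout is an assumption.
BEFORE = ('{"modules": [{"name": "phenixidentity~phenix-prism",'
          ' "config": {"ssl": "true", "port": "8443"}}]}')
AFTER = ('{"modules": [{"name": "phenixidentity~phenix-prism",'
         ' "config": {"httpConfig": "constructed-connection-id"}}]}')


def walk(node, path="$"):
    """Yield (path, obj) for every JSON object at or below node."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def check_boot_json(text):
    """Return a list of findings; an empty list means the edits look complete."""
    # An entry counts as the prism module if any of its string values names it.
    modules = [(p, o) for p, o in walk(json.loads(text))
               if any(isinstance(v, str) and PRISM in v for v in o.values())]
    if not modules:
        return [f"no entry naming {PRISM} found"]
    findings = []
    for path, module in modules:
        http_config = None
        for sub_path, obj in walk(module, path):
            for key in FORBIDDEN:
                if key in obj:
                    findings.append(f'{sub_path}.{key}: leftover "{key}" parameter')
            http_config = obj.get("httpConfig", http_config)
        # Reject a missing value and the unedited <ID_OF_HTTPConnection> text.
        if (not isinstance(http_config, str) or not http_config.strip()
                or "<" in http_config):
            findings.append(f"{path}: httpConfig missing or still a placeholder")
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_boot_json(text) or "OK")
```

To check a real file, pass its contents to check_boot_json(); a parse error from json.loads also means the file should not be deployed as edited.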

Protect PAS web applications with the uploaded certificate

To use the certificate with the different PAS applications, go to the Advanced tab of the specific application.
Then choose the newly created HTTP connection:

Save the configuration. No restart should be needed.

Verify SSL certificate

  1. Open a web browser
  2. Browse to the PhenixID server
  3. Verify the https certificate