Configure Ports and Certificates to XpoLog GUI

The XpoLog installation is based on a Tomcat application server. By default, port 30303 is used for HTTP access and port 30443 for HTTPS.

Ports can be changed in the GUI, in the 'System Settings' console.

To disable HTTP access to XpoLog, enter '0' in the HTTP Port field and click 'Save'.

How to install an SSL certificate (HTTPS access)

XpoLog comes with a self-signed certificate by default, because each organization has to provide a valid CA certificate specific to its environment.
Keep in mind that encryption with the default certificate is not fully secure, and that a self-signed certificate is considered untrusted by users' browsers.
We strongly recommend replacing the default certificate with one signed by your organization's trusted CA.

To update your XpoLog environment with a new certificate, make sure you have the following details:

  1. Certificate (Tomcat supports .jks and .pfx files)
    The file should contain the entire certificate chain plus the matching private key.

  2. KeystorePass (The password for the .jks OR .pfx file)

  3. KeyAlias + keyPass (Not mandatory - used for the server key and certificate inside the keystore. If not specified, the first key read from the keystore will be used)
    KeyPass is mandatory only if you decide to set a different password for the private key.

Update Tomcat's server.xml configuration file with the new certificate:

1. Locate the certificate under: /[INSTALLATION_DIR]/ServletContainer

2. Navigate to the configuration file, which is located at: /[INSTALLATION_DIR]/ServletContainer/conf/server.xml

3. Edit the server.xml with the following details:

<!-- Inside relaxedQueryChars the characters " < > must be written as &quot; &lt; &gt; or server.xml will not parse -->
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
           compressableMimeType="text/html,text/xml" compression="on" compressionMinSize="2048"
           debug="0" disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxPostSize="-1"
           maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
           noCompressionUserAgents="gozilla, traviata" port="30443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
           scheme="https" secure="true" sslProtocol="TLSv1.2" xpolog="ssl">
  <SSLHostConfig>
    <Certificate certificateKeyAlias="[KEYALIAS]"
                 certificateKeyPassword="[KEYPASS]"
                 certificateKeystoreFile="/[INSTALLATION_DIR]/ServletContainer/[CERTIFICATE]"
                 certificateKeystorePassword="[KEYSTOREPASS]"/>
  </SSLHostConfig>
</Connector>

4. Save the changes.

5. Restart XpoLog service, connect to XpoLog via HTTPS on the browser and confirm the secure access using the new certificate.

Pay attention to the following notes

In case the customer has a CER file:
A single CER file will usually not be enough to properly configure an HTTPS Connector in Tomcat or any other web or application server.
Tomcat supports .jks and .pfx files, so the only approach is to generate a .pfx file from the .cer file.


In case the customer has a PFX file:
When editing the server.xml file, add the following field and value: certificateKeystoreType="PKCS12", as below:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
           compressableMimeType="text/html,text/xml" compression="on" compressionMinSize="2048"
           debug="0" disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxPostSize="-1"
           maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
           noCompressionUserAgents="gozilla, traviata" port="30443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
           scheme="https" secure="true" sslProtocol="TLSv1.2" xpolog="ssl">
  <SSLHostConfig>
    <Certificate certificateKeyAlias="[KEYALIAS]"
                 certificateKeyPassword="[KEYPASS]"
                 certificateKeystoreFile="/[INSTALLATION_DIR]/ServletContainer/[CERTIFICATE]"
                 certificateKeystorePassword="[KEYSTOREPASS]"
                 certificateKeystoreType="PKCS12"/>
  </SSLHostConfig>
</Connector>
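
A check that can be run on the edited server.xml before restarting the service, covering the steps above and the PFX note. It is an added example, not XpoLog's or Tomcat's own tooling. It confirms the file still parses as XML, that a .pfx keystore is declared as PKCS12, and that no [PLACEHOLDER] value was left in the Certificate element. The sample configuration, the /opt/xpolog path and the name check_https_connector are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed HTTPS Connector, .pfx keystore, type missing, one placeholder left in.
SAMPLE = r'''<Server><Service name="Catalina">
<Connector SSLEnabled="true" port="30443" scheme="https" secure="true"
           relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;" sslProtocol="TLSv1.2">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="/opt/xpolog/ServletContainer/site.pfx"
                 certificateKeystorePassword="[KEYSTOREPASS]"/>
  </SSLHostConfig>
</Connector>
</Service></Server>'''

# Template values on the page look like [KEYALIAS] or [INSTALLATION_DIR].
PLACEHOLDER = re.compile(r"\[[A-Z_]+\]")


def check_https_connector(server_xml):
    """Return a list of problems found in the HTTPS Connector(s) of a server.xml string."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # Typical cause: a raw " or < inside relaxedQueryChars instead of &quot; / &lt;
        return [f"server.xml is not well-formed XML: {exc}"]
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true" found']
    problems = []
    for conn in connectors:
        port = conn.get("port", "?")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            problems.append(f"port {port}: no <Certificate> under <SSLHostConfig>")
        for cert in certs:
            path = cert.get("certificateKeystoreFile", "")
            ks_type = cert.get("certificateKeystoreType", "")
            # .pfx and .p12 are PKCS#12 containers and need the explicit keystore type.
            if path.lower().endswith((".pfx", ".p12")) and ks_type.upper() != "PKCS12":
                problems.append(f'port {port}: .pfx keystore needs certificateKeystoreType="PKCS12"')
            for name, value in cert.attrib.items():
                if PLACEHOLDER.search(value):
                    problems.append(f"port {port}: {name} still holds a placeholder")
    return problems


if __name__ == "__main__":
    for line in check_https_connector(SAMPLE) or ["HTTPS Connector looks consistent"]:
        print(line)
```

To check a real installation, pass the contents of conf/server.xml to check_https_connector instead of SAMPLE.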

 

These instructions are identical for both Windows and Linux installations and are relevant for Java 17 and Tomcat 10.

For installing a new certificate on an older installation, please contact us: support@xplg.com