Skip to end of metadata
Go to start of metadata

Only applicable to the BiZZdesign on-premise solution.

The Team Server supports working with certificates issued by trusted certificate authorities. BiZZdesign has tested the HTTPS with a JKS and p12/pfx certificate.

To ensure your Team Server instance is using a certificate authority issued certificate, the following steps are needed as part of the Team Server configuration.

The settings mentioned in this topic are case sensitive. In case of debugging issues with HTTPS, please also check whether settings are spelled correctly.

Creating a keystore

The Team Server uses Java keystores to configure SSL certificates and keys. Usually, signing authorities provide instructions on how to create a Java keystore. If no such instruction was provided to you, please refer to the following page for instructions:

How do I create a keystore with an SSL certificate for the Team Server?

Once you have successfully created your keystore, you need to configure your Team Server instance to use this keystore.

Configuring the HTTPS port

To enable HTTPS, open the wrapper.conf file (TeamServerHome\conf folder) in a text editor, locate the section that starts with # Java Additional Parameters, and do as follows:

  1. Disable the HTTP port by adding the following line:

    wrapper.java.additional.5 = -Dhttp.port=disabled

  2. Choose an HTTPS port you want the Team Server to run on:

    wrapper.java.additional.6 = -Dhttps.port=443

    Advised port number to use is 443.

    After choosing a port number, make sure that this port is also open in your firewall settings.

  3. Specify the path to the keystore containing the private key and certificate, if not provided, it will generate a keystore for you.

    wrapper.java.additional.7 = -Dplay.server.https.keyStore.path=D://LocationOfCertificate//keystorename.jks

    or

    wrapper.java.additional.7 = -Dplay.server.https.keyStore.path=D://LocationOfCertificate//keystorename.p12

  4. Enter the password of your certificate:

    wrapper.java.additional.8 = -Dplay.server.https.keyStore.password=MyPassword

  5. Specify the keystore type. Choose the JKS or PKCS12 certificate:

    wrapper.java.additional.9 = -Dplay.server.https.keyStoreType=JKS

    or

    wrapper.java.additional.9 = -Dplay.server.https.keyStoreType=PKCS12

  6. Save the changes and close the file.

Configuring the default teamServiceUrl

  1. Open the application.conf file (TeamServerHome\conf folder), and replace the default URL by changing the value of http://localhost:9000 to your desired HTTPS URL. For example:

    teamServiceUrl="https://localhost:443"

  2. Save the changes and close the file.


Stop and restart the Team Server after completing the above procedures. When opening the Team Server in the web browser, you should now correctly be directed to the sign-in page over HTTPS.

Testing the SSL functionality

To test the SSL functionality, an example of a BiZZdesign supplied certificate (of type JKS) is available: bizzdesigntest.jks

If you can run this example file successfully, you would only need to replace the keystore with a certificate issued by your Certificate Authority (CA). Make sure you have configured the teamServiceUrl in the application.conf file (as mentioned above) before you perform the test.

In your wrapper.conf file, refer to the downloaded test file, and then start the Team Server.

# Java Additional Parameters
wrapper.java.additional.1= -Dconfig.file=${wrapper_home}/conf/application.conf
wrapper.java.additional.2= -Dhttp.port=9000
wrapper.java.additional.3 = -Dhttp.port=disabled
wrapper.java.additional.4 = -Dhttps.port=443
wrapper.java.additional.5 = -Dplay.server.https.keyStore.path=C://Keystore//bizzdesigntest.jks
#location of the keystore
wrapper.java.additional.6 = -Dplay.server.https.keyStore.password=changeit
#password for the keystore is changeit
wrapper.java.additional.7 = -Dplay.server.https.keyStoreType=JKS


When everything checks out, the Team Server will start up and listen on port 443. Please take note that the used example is a self-signed certificate. It will come up with a warning that it is unsafe, but it proves that the HTTPS settings are correct. If you get to this point, you would only need to have a valid JKS or P12 keystore.



Clicking the "Not secure" text (Chrome) or padlock icon (other browser) in the address bar will provide information about the certificate, similar to the example below.