These instructions show you how to configure HelpSystems Insite to run in Secure Sockets Layer (SSL) mode so that you can connect from a browser on your desktop or on a mobile device, such as a phone or tablet. Steps include:

  • Generating a Certificate. These instructions demonstrate how to generate a self-signed certificate. If you wish to use trusted certificate authority (CA) certificates, go to Setting up HelpSystems Insite with a Trusted Certificate.
  • Enabling the Certificate on Windows or Linux. 
  • Accessing the Insite server with your browser.

Note: Additional information is available on the Apache Tomcat® website.

Generating a Self-Signed Certificate

You must first generate a .keystore file. Make sure to note the password you enter, as you’ll need this later.

For Windows

Insite comes packaged with its own JVM. To generate the .keystore file on Windows, do the following:

  1. Open the Command Prompt and go to the following directory:

    C:\Program Files (x86)\Help Systems\HelpSystems Insite\jvm\bin

  2. Enter the following command to generate the key using the keytool:

    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore robotweb.keystore

  3. After creating a password, you’ll be prompted for your organization's information. When asked for your first and last name, specify the domain name that users will enter to connect to Insite (e.g. 10.60.152.64). This helps ensure that the certificate is valid when they connect to the server.

  4. After you have filled in the requested fields, press Enter. The resulting robotweb.keystore file is located in your working directory (C:\Program Files (x86)\Help Systems\HelpSystems Insite\jvm\bin).

For Linux

  1. Enter the following command:

    "$JAVA_HOME/bin/keytool" -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore robotweb.keystore

  2. After creating a password, you’ll be prompted for your organization's information. When asked for your first and last name, specify the domain name that users will enter to connect to Insite. If you do not have a DNS entry for the Insite server, you can use its IP address instead (e.g. 10.60.152.64). This helps ensure that the certificate is valid when they connect to the server.
  3. The resulting robotweb.keystore file is located in your working directory.

Enabling the Certificate

  1. Stop the HelpSystems Insite Server service. 
    • On Windows, run services.msc to open the Services Manager.
    • Right-click HelpSystems Insite Server and choose Stop.
  2. Copy the robotweb.keystore file into the installation:
    • Windows: C:\Program Files (x86)\Help Systems\HelpSystems Insite\conf\
  3. Open and edit the server.xml file as follows. This file’s location depends on the directory where the portal server is installed (see step 2). Note: You can edit the server.xml file with any text editor. Be sure to create a backup copy of the original file before editing. If you are not familiar with the XML format, we recommend using an XML-aware editor such as XML Notepad or Notepad++.
    1. Change the following settings in the Connector for protocol="HTTP/1.1":
      • Change port="3030" to port="8443"
      • Change protocol="HTTP/1.1" to protocol="org.apache.coyote.http11.Http11NioProtocol"
      • Change SSLEnabled="false" to SSLEnabled="true"
      • Change scheme="http" to scheme="https"
      • Change secure="false" to secure="true"
      • Change keystoreFile="conf/.keystore" to keystoreFile="conf/robotweb.keystore"
      • Change keystorePass="robotMP" to keystorePass="[password you created with the robotweb.keystore]"
      • Remove sslprotocol="TLS"
      • Add sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" 
      • Add ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
    2. Uncomment and change redirectPort="8009" to redirectPort="8443" in the Connector for protocol="AJP/1.3".

    Note: Make sure port 8009 is available and not being used by another process on the system. To verify, run the following command from a DOS prompt to view the assigned ports:

    netstat -a | find "8009"

    If port 8009 is already in use and ‘listening’, change 8009 to a different port like 8008:

    Note: This <!-- is a comment --> and this < is not a comment /> in the XML.

  4. Save your changes to server.xml.
  5. Start the HelpSystems Insite Server to complete the configuration process.
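
A way to check the edited Connector from step 3 before restarting the service, as an added example (not HelpSystems code). It compares the attributes against the values listed above and also flags the shipped keystorePass, TLS 1.0/1.1 (deprecated by RFC 8996) and static-RSA cipher suites, which lack forward secrecy; the sample XML and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Connector edited per step 3, but with the shipped
# keystore password left in place. Attributes not named on the page are omitted.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/robotweb.keystore" keystorePass="robotMP"
             sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
</Service></Server>"""

# Values the article tells you to set on the HTTP/1.1 Connector.
EXPECTED = {
    "port": "8443", "protocol": "org.apache.coyote.http11.Http11NioProtocol",
    "SSLEnabled": "true", "scheme": "https", "secure": "true",
    "keystoreFile": "conf/robotweb.keystore",
}
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}  # deprecated by RFC 8996

def audit_connector(xml_text):
    """Return a list of findings for the TLS Connector in server.xml text."""
    root = ET.fromstring(xml_text)
    # Commented-out Connectors are not parsed as elements, so they are skipped.
    tls = [c for c in root.iter("Connector")
           if c.get("scheme") == "https" or c.get("SSLEnabled") == "true"]
    if not tls:
        return ["no TLS Connector found (is it still commented out or unedited?)"]
    conn, findings = tls[0], []
    for attr, want in EXPECTED.items():
        if conn.get(attr) != want:
            findings.append(f"{attr}={conn.get(attr)!r}, article expects {want!r}")
    if conn.get("keystorePass") == "robotMP":
        findings.append("keystorePass is still the shipped default")
    # Checked under both spellings because XML attribute names are case-sensitive.
    if conn.get("sslProtocol") or conn.get("sslprotocol"):
        findings.append("sslprotocol attribute should be removed")
    protos = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",")}
    for p in sorted(protos & LEGACY_PROTOCOLS):
        findings.append(f"legacy protocol enabled: {p}")
    for c in conn.get("ciphers", "").split(","):
        if c.strip().startswith("TLS_RSA_"):
            findings.append(f"no forward secrecy: {c.strip()}")
    return findings

if __name__ == "__main__":
    for line in audit_connector(SAMPLE_SERVER_XML):
        print(line)
```

To audit a real installation, pass the contents of the server.xml file from the conf directory to audit_connector().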

Accessing the Page

  1. Change your browser links to use https (instead of http) and the correct port (8443).
  2. The browser link should look like this: https://x.x.x.x:8443/ where x.x.x.x is the IP address of your HelpSystems Insite server.

Note: Your browser may ask you to define an exception in order to access the page.



Last Modified On: April 09, 2019